NoMoreRansom Says 28,000 Victim Devices Decrypted

This week marks the one-year anniversary of the launch of the NoMoreRansom project. The project comprises an alliance of law enforcement agencies and private industry, currently totaling 109 partners. Its purpose is to gather all known ransomware decryptors in one location (the NoMoreRansom website) so that ransomware victims can at least attempt to decrypt encrypted files.

The project was launched on July 25, 2016 by the Dutch National Police, Europol, McAfee and Kaspersky Lab and now holds access to 54 decryption tools provided by 9 partners and covering 104 ransomware families. The site itself is available in 26 languages.

Since its inauguration it has helped decrypt 28,000 ransomware victim devices — but, warns Europol, the threat is still escalating. “Ransomware has soared since 2012, with criminals lured by the promise of profit and ease of implementation. The threat continues to evolve, becoming stealthier and more destructive, increasingly targeting businesses more than individuals because the potential returns are much higher.” 

Europol notes that WannaCry alone claimed more than 300,000 business victims across 150 countries in its first few days; and that some organizations are still struggling to recover from the NotPetya attacks of June 27. It adds, “The total number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4% compared to the previous 12 months, from 2,315,931 to 2,581,026 users around the world.”

These figures demonstrate that NoMoreRansom is no solution to ransomware. It has benefited 28,000 users (and this should not be dismissed); but that figure is less than one-ninetieth of the total number of victims.

Europol recognizes this. “Prevention is no doubt better than cure. Internet users need to avoid becoming a victim in the first place. Many up to date prevention tips are available on www.nomoreransom.org.” Its advice remains, “If you do become a victim, it is important not to pay the ransom and report your infection to the police.”

It is equally clear, however, that many people do pay the ransom. At Black Hat this week, researchers from Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering presented details of their own investigation into ransomware payments. They have been able to track payments through the bitcoin blockchain from distribution sites to the cash-out points. It is hoped that law enforcement will be able to pick up the trail from here and use traditional money-tracking methods to locate the criminals.

The team tracked 34 separate ransomware families over the last two years, concluding that ransomware victims have paid out $25 million to the criminals; and that Locky alone generated $7 million. Cerber generated $6.9 million and CryptXXX generated $1.9 million.

With such figures, it is understandable that the usual ‘official’ advice from both law enforcement and security researchers is, “Don’t pay the ransom: there is no guarantee that the criminals will decrypt your files, you paint a target on your back for further attacks, and you fund the whole criminal ecosystem.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
