Belgian police share Cryakl ransomware keys

The Belgian Federal Police obtained the decryption keys for the Cryakl ransomware during an investigation after Belgian citizens were hit by the ransomware.

The Belgian Federal Computer Crime Unit (FCCU) was able to locate a command and control centre in one of Belgium’s neighbouring countries.

Led by the federal prosecutor’s office, the Belgian authorities seized the command and control servers and other servers, while forensic analysis worked to retrieve the decryption keys.

Kaspersky Lab, one of the founders of No More Ransom, provided technical expertise to the Belgian federal prosecutor and has now added these keys to the portal to enable victims to regain access to their encrypted files without having to pay the criminals.

The Belgian authorities are currently continuing the investigation, but decided to release the keys to help victims of this ransomware.

By sharing the keys with No More Ransom, the Belgian Federal Police becomes a new associated partner of the project, the second law enforcement agency after the Dutch National Police.

In recent years, ransomware has eclipsed most other cyber threats, with global campaigns indiscriminately affecting organisations across multiple industries in the public and private sector, as well as consumers.

One of the most effective ways to fight ransomware is to prevent it, which is why No More Ransom was launched more than a year ago, Europol said in a statement.

No More Ransom was started as a joint initiative by the Dutch National Police, Europol, McAfee and Kaspersky Lab in July 2016, and since then, has added more than 50 free decryption tools to decrypt 84 ransomware families.

The number of partners working together on No More Ransom has risen to more than 120, including more than 75 internet security companies and other private partners.

The Cypriot and Estonian police are the most recent to join the list of supporting law enforcement agencies, which includes the UK’s National Crime Agency (NCA).

Telecommunications companies KPN and Telenor, and The College of Professionals in Information and Computing (CPIC) have also joined recently as new private sector partners.

The release of the Cryakl decryption keys is yet another successful example of how cooperation between law enforcement and internet security companies can lead to great results, said Europol.

Since the launch of the No More Ransom portal, almost 1.6 million people from more than 180 countries have accessed the website, available in 29 languages, with Estonian as the most recent addition.

CryptXXX, CrySIS and Dharma are the most detected infections, and more than 35,000 people have managed to retrieve their files for free, which is estimated to have prevented criminals from profiting from more than €10m.