The Belgian Federal Computer Crime Unit (FCCU) was able to locate a command and control centre in one of Belgium’s neighbouring countries.
Led by the federal prosecutor’s office, the Belgian authorities seized the command and control servers and other servers, while forensic analysis worked to retrieve the decryption keys.
Kaspersky Lab, one of the founders of No More Ransom, provided technical expertise to the Belgian federal prosecutor and has now added these keys to the portal to enable victims to regain access to their encrypted files without having to pay the criminals.
The Belgian authorities are currently continuing the investigation, but decided to release the keys to help victims of this ransomware.
In recent years, ransomware has eclipsed most other cyber threats, with global campaigns indiscriminately affecting organisations across multiple industries in the public and private sector, as well as consumers.
One of the most effective ways to fight ransomware is to prevent it, which is why No More Ransom was launched more than a year ago, Europol said in a statement.
No More Ransom was started as a joint initiative by the Dutch National Police, Europol, McAfee and Kaspersky Lab in July 2016, and has since added more than 50 free decryption tools to decrypt 84 ransomware families.
The number of partners working together on No More Ransom has risen to more than 120, including more than 75 internet security companies and other private partners.
The release of the Cryakl decryption keys is yet another successful example of how cooperation between law enforcement and internet security companies can lead to great results, said Europol.
Since the launch of the No More Ransom portal, almost 1.6 million people from more than 180 countries have accessed the website, available in 29 languages, with Estonian as the most recent addition.
CryptXXX, CrySIS and Dharma are the most detected infections, and more than 35,000 people have managed to retrieve their files for free, which is estimated to have prevented criminals from profiting from more than €10m.