An online portal aimed at helping victims of ransomware to recover their data without having to pay ransom to cyber criminals has increased its capacity.
Ransomware typically encrypts critical data and then demands payment of a ransom, usually in bitcoin, to restore the data to its unencrypted form.
The project is an example of cyber security experts uniting around a common purpose and represents a new level of co-operation between law enforcement and the private sector around fighting ransomware.
In the nine months since its launch, more law enforcement and private partners have joined, eight languages have been added to bring the total to 14, and 15 decryption tools have been added to bring the total to 39.
More languages are expected to be made available soon in the light of the global nature of the threat.
Since Kaspersky Lab’s report in December 2016, more than 10,000 victims worldwide have been able to decrypt their affected devices using the portal’s free decryption tools.
Ransomware is a proven business model that will remain popular with attackers as long as victims continue to pay, according to David Emm, principal security researcher at Kaspersky Lab.
“Ransomware bucks the trend towards stealthier, less visible attacks because it is as in your face as a mugging,” he told Computer Weekly in March 2017.
Businesses increasingly targeted by ransomware
Kaspersky Lab researchers also warn that ransomware actors have begun focusing on targeted attacks against businesses rather than private individuals.
The researchers have identified at least eight groups of cyber criminals involved in encryption ransomware development and distribution that have switched attention to business targets.
Cyber criminals have realised that targeted ransomware attacks against businesses are potentially more profitable than mass attacks against private users.
The attacks have mainly hit financial organisations worldwide, with ransom demands exceeding half a million dollars in some cases.
In general, the tactics, techniques and procedures used by these groups are very similar. They infect the targeted organisation with malware through vulnerable servers or spear phishing emails.
Then they establish persistence in the victim’s network and identify the valuable corporate resources to encrypt, subsequently demanding a ransom in exchange for decryption.
Security software firm Avast, Poland’s computer emergency response team and Eleven Paths, Telefonica’s cyber security unit, have joined No More Ransom as associate partners, bringing the total to seven.
With 30 new supporting partners also joining the program, the overall total is now 76. New to join from the law enforcement side are Australia, Belgium, Interpol, Israel, South Korea, Russia and Ukraine.
The decryption tools have been provided by Avast, Bitdefender, Cert Polska, Check Point, Eleven Paths, Emsisoft and Kaspersky Lab.
To defend against ransomware attacks, Kaspersky Lab recommends: conducting proper and timely backups of data; using a security system with behaviour-based detection technologies; visiting the No More Ransom portal for help and advice; auditing installed software to ensure it is up to date; requesting external intelligence from reputable suppliers; training employees on how to recognise and avoid ransomware; and implementing adequate detection and response capabilities.