
No More Ransom expands capacity

More organisations have joined an anti-ransomware cross-industry initiative, boosting its capacity to help victims of ransomware as attackers begin to focus on business targets

An online portal aimed at helping victims of ransomware to recover their data without having to pay ransom to cyber criminals has increased its capacity.

Ransomware typically encrypts critical data and then demands payment of a ransom, usually in bitcoin, to restore the data to its unencrypted form.

No More Ransom, which is also aimed at informing the public about the dangers of ransomware, started as a joint initiative by the Dutch National Police, Europol, Intel Security and Kaspersky Lab.

The project is an example of cyber security experts uniting around a common purpose and represents a new level of co-operation between law enforcement and the private sector around fighting ransomware.

In the nine months since its launch, more law enforcement and private partners have joined, eight languages have been added to bring the total to 14, and 15 decryption tools have been added to bring the total to 39.

More languages are expected to be made available soon in the light of the global nature of the threat.

Since Kaspersky Lab’s report in December 2016, more than 10,000 victims worldwide have been able to decrypt their affected devices using the portal’s free decryption tools.

Ransomware is a proven business model that will remain popular with attackers as long as victims continue to pay, according to David Emm, principal security researcher at Kaspersky Lab.

“Ransomware bucks the trend towards stealthier, less visible attacks because it is as in your face as a mugging,” he told Computer Weekly in March 2017.

Businesses increasingly targeted by ransomware

Kaspersky Lab researchers also warn that ransomware actors have begun focusing on targeted attacks against businesses rather than private individuals.

The researchers have identified at least eight groups of cyber criminals involved in encryption ransomware development and distribution that have switched attention to business targets.

Cyber criminals have realised that targeted ransomware attacks against businesses are potentially more profitable than mass attacks against private users.

The attacks have mainly hit financial organisations worldwide, with ransom demands exceeding half a million dollars in some cases.

In general, the tactics, techniques and procedures used by these groups are very similar. They infect the targeted organisation with malware through vulnerable servers or spear phishing emails.

Then they establish persistence in the victim’s network and identify the valuable corporate resources to encrypt, subsequently demanding a ransom in exchange for decryption.


Security software firm Avast, Poland’s computer emergency response team and Eleven Paths, Telefonica’s cyber security unit, have joined No More Ransom as associate partners, bringing the total to seven.

With 30 new supporting partners also joining the program, the overall total is now 76. New to join from the law enforcement side are Australia, Belgium, Interpol, Israel, South Korea, Russia and Ukraine.

The decryption tools have been provided by Avast, Bitdefender, CERT Polska, Check Point, Eleven Paths, Emsisoft and Kaspersky Lab.

To defend against ransomware attacks, Kaspersky Lab recommends: conducting proper and timely backups of data; using a security system with behaviour-based detection technologies; visiting the No More Ransom portal for help and advice; auditing installed software to ensure it is up to date; requesting external intelligence from reputable suppliers; training employees on how to recognise and avoid ransomware; and implementing adequate detection and response capabilities.
