Ransomware threat escalating, warns Europol

The No More Ransom initiative boasts 109 partners and 54 decryption tools covering 104 kinds of ransomware a year after it was set up to counter the still-growing threat of ransomware to businesses, governments and individuals.

Ransomware typically encrypts critical data and then demands payment of a ransom, usually in bitcoin, to restore the data to its unencrypted form.

The No More Ransom online portal, which is aimed at helping victims of ransomware to recover their data and at raising awarness about the dangers of ransomware, started as a joint initiative by the Dutch National Police, Europol, McAfee and Kaspersky Lab, and is now available in 26 languages.

The most recent additions include Barclays, Bournemouth University, the cyber security agency of Singapore, and law enforcement agencies from Czech Republic, Greece, Hong Kong and Iran.

So far, the tools provided by initiative partners have managed to decrypt more than 28,000 devices, depriving cyber criminals of an estimated €8m in ransom money.

The portal has counted over 1.3 million unique visitors and, on 14 May 2017 alone, during the WannaCry crisis, 150,000 people visited the website.

Despite these successes, the ransomware threat continues to evolve, becoming stealthier and more destructive, increasingly targeting businesses more than individuals because the potential returns are much higher.

The indiscriminate WannaCry attack in mid-May claimed more than 300,000 business victims across 150 countries in its first few days, crippling critical infrastructure and businesses.

According to Kaspersky Lab’s ransomware report published in June 2017, the number of ransomware victims between April 2016 and March 2017 rose by 11.4% compared with the previous 12 months to more than 2.5 million users around the world.

The success of the No More Ransom initiative is a shared success that cannot be achieved by law enforcement or private industry alone, Europol said in a statement.

“By joining forces, we enhance our ability to take on the criminals and stop them from harming people, businesses and critical infrastructure, once and for all,” the statement said.

Law enforcement globally, in close co-operation with private partners, has ongoing investigations into ransomware criminals and infrastructure.

“However, prevention is no doubt better than cure. Internet users need to avoid becoming a victim in the first place,” Europol said.

Europol said there are many up-to-date prevention tips are available on the No More Ransom portal, and advised victims against paying any ransom to attackers but to report the matter to the police instead.

Ransomware is a proven business model that will remain popular with attackers as long as victims continue to pay, according to David Emm, principal security researcher at Kaspersky Lab.

“Ransomware bucks the trend towards stealthier, less visible attacks because it is as in your face as a mugging,” he told Computer Weekly in March 2017.

To defend against ransomware attacks, Kaspersky Lab recommends conducting proper and timely backups of data; using a security system with behaviour-based detection technologies; visiting the No More Ransom portal for help and advice; auditing installed software to ensure it is up to date; requesting external intelligence from reputable suppliers; training employees on how to recognise and avoid ransomware; and implementing adequate detection and response capabilities.