Ransomware threat escalating, warns Europol

The No More Ransom initiative boasts 109 partners and 54 decryption tools covering 104 kinds of ransomware a year after it was set up to counter the still-growing threat of ransomware to businesses, governments and individuals.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Ransomware typically encrypts critical data and then demands payment of a ransom, usually in bitcoin, to restore the data to its unencrypted form.

The No More Ransom online portal, which is aimed at helping victims of ransomware to recover their data and at raising awarness about the dangers of ransomware, started as a joint initiative by the Dutch National Police, Europol, McAfee and Kaspersky Lab, and is now available in 26 languages.

The most recent additions include Barclays, Bournemouth University, the cyber security agency of Singapore, and law enforcement agencies from Czech Republic, Greece, Hong Kong and Iran.

So far, the tools provided by initiative partners have managed to decrypt more than 28,000 devices, depriving cyber criminals of an estimated €8m in ransom money.

The portal has counted over 1.3 million unique visitors and, on 14 May 2017 alone, during the WannaCry crisis, 150,000 people visited the website.

Despite these successes, the ransomware threat continues to evolve, becoming stealthier and more destructive, increasingly targeting businesses more than individuals because the potential returns are much higher.

The indiscriminate WannaCry attack in mid-May claimed more than 300,000 business victims across 150 countries in its first few days, crippling critical infrastructure and businesses.

According to Kaspersky Lab’s ransomware report published in June 2017, the number of ransomware victims between April 2016 and March 2017 rose by 11.4% compared with the previous 12 months to more than 2.5 million users around the world.

The success of the No More Ransom initiative is a shared success that cannot be achieved by law enforcement or private industry alone, Europol said in a statement.

“By joining forces, we enhance our ability to take on the criminals and stop them from harming people, businesses and critical infrastructure, once and for all,” the statement said.

Law enforcement globally, in close co-operation with private partners, has ongoing investigations into ransomware criminals and infrastructure.

“However, prevention is no doubt better than cure. Internet users need to avoid becoming a victim in the first place,” Europol said.

Europol said there are many up-to-date prevention tips are available on the No More Ransom portal, and advised victims against paying any ransom to attackers but to report the matter to the police instead.

Ransomware is a proven business model that will remain popular with attackers as long as victims continue to pay, according to David Emm, principal security researcher at Kaspersky Lab.

“Ransomware bucks the trend towards stealthier, less visible attacks because it is as in your face as a mugging,” he told Computer Weekly in March 2017.

To defend against ransomware attacks, Kaspersky Lab recommends conducting proper and timely backups of data; using a security system with behaviour-based detection technologies; visiting the No More Ransom portal for help and advice; auditing installed software to ensure it is up to date; requesting external intelligence from reputable suppliers; training employees on how to recognise and avoid ransomware; and implementing adequate detection and response capabilities.