Europol leads new initiative to fight ransomware
Mon 25 Jul 2016
The European investigation agency Europol has combined with Kaspersky Labs, Intel Security and the Dutch police to provide a new resource for the growing numbers of companies and individuals affected by the rise of ransomware – malicious software which locks users’ local files and attempts to extort money in exchange for a decryption key.
The website www.nomoreransom.org provides information on ransomware, and also an initial array of tools to help victims attempt to find solutions to affected systems.
In a post today, Europol notes that corporate and government networks are being increasingly targeted by ransomware authors and distributors, and explains that the new online portal provides four decryption tools for victims.
The latest of these is aimed at victims of Shade, a family of ransomware Trojans that emerged late in 2014, and is delivered, in typical manner, via malicious attachments over email. Shade has a secondary delivery system which is more advanced, and uses an exploit kit to infect the user in a drive-by to a compromised web site.
Shade is statically linked to a bespoke Tor client, and also uses curl and OpenSSL libraries to obfuscate points of traceability in its attempts to extort fees for decryption.
The new portal is open to online collaborators interested in contributing to the project, which has been envisioned as a bridge between private and public institutions with a concern in fighting the ascent of this attack vector in recent years.
In today’s Europol post Kaspersky researcher Jornt van der Wiel comments:
“The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back. That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result. We can only change the situation if we coordinate our efforts to fight against ransomware. The appearance of decryption tools is just the first step on this road. We expect this project to be extended, and soon there will be many more companies and law enforcement agencies from other countries and regions fighting ransomware together.”
Europol’s Deputy Director of Operations Wil van Gemert adds “For a few years now ransomware has become a dominant concern for EU law enforcement. It is a problem affecting citizens and business alike, computers and mobile devices, with criminals developing more sophisticated techniques to cause the highest impact on the victim’s data.”
The project intends also to extend itself to other participating police forces and investigatory authorities.