Intel Security is leading a new ransomware prevention initiative which has the dual purpose of educating individuals on the danger of ransomware in an effort to prevent infections, and also helping victims who have had their files locked by ransomware. The ransomware prevention initiative involves a collaboration between Intel Security, Kaspersky Lab, Europol, and the Dutch Police (Politie).
The risk from ransomware is growing at an alarming rate. Kaspersky Lab has released figures which show the extent of the problem. Between 2014 and 2015, Kaspersky Lab was alerted to 131,000 ransomware infections. Between 2015 and 2016 the number of victims rose to 718,000. Action therefore needs to be taken to deal with the ransomware threat.
Ransomware Prevention Initiative “No More Ransom” is Launched
The No More Ransom website provides advice on how to protect against ransomware as well as helping victims whose files have been locked. The website will become a repository for ransomware decryption tools and will be used to share information on the latest threats.
For the launch, four decryption tools have been added to the site. Individuals infected with CoinVault, RannohDecryptor, RakhniDecryptor, and ShadeDecryptor are able to download the decryption tools directly from the website. The tools that were developed by Intel Security and Kaspersky Lab to unlock files encrypted by TeslaCrypt will also be uploaded to the website in the next few days.
While there are four entities involved in the initiative at present, more vendors and organizations are being sought to support the project. The more companies that get involved and help with the fight against ransomware, the more effective the project will become.
It is hoped that national Computer Emergency Response Teams and law enforcement agencies will promote the website and the use of the tools that are hosted on the site. The success of the project depends on victims being aware that there is a website resource they can use to unlock ransomware infections.
Other entities will be able to submit their own ransomware decryption tools, although only a small number of individuals will be able to post on the website. Before any new tool is uploaded to the website it will be subjected to a rigorous assessment. All of the partners will need to authorize tools before they can be uploaded to the site.
As the name of the project suggests, one of the main aims of the initiative is to make ransomware less profitable for malware authors. The more individuals that pay ransoms, the more profit the ransomware gangs will make. As long as ransomware remains profitable, there will be no shortage of malicious actors willing to get involved. Only by preventing ransoms from being paid will it be possible to tackle the problem.
In terms of prevention, both Intel Security and Kaspersky Lab offer details of the products they have developed that can help with the identification of ransomware and block the delivery of malicious software. Website visitors are also provided with general advice on how to reduce the risk of infections and told of best practices to adopt to protect their files.