Three months after its launch, No More Ransomware has expanded its reach outside of Europe. This is good news for a project that started off as a collaboration between the Dutch National Police, Europol, Intel Security and Kaspersky Lab. It has now announced 13 new members including Columbia.
The main goal of the No More Ransomware project is to provide free tools to help users recover their data. According to its latest press release more than 2,500 people manage to decrypt their data in the first two months. It is estimated that they saved over $1 million between them. This is a good start in taking money from the malware community but far from a major hit.
What can be decrypted?
The site has five separate tools to decrypt several ransomware families. This includes Wildfire, Chimera, TeslaCrypt, Shade, CoinVault, Rannoh, Rakhni, Polyglot and MarsJoke. The tools are constantly being updated as the security companies discover the keys to ransomware. They are also delivering tools to decrypt ransomware when the creators decide they’ve had enough. This is what happened with TeslaCrypt in May.
It is important that companies do not just see this as a get out of jail card. There is still a serious message here. This is an attempt to slow the spread of ransomware that is crippling companies. It is not going to fix poor or missing security on devices. This is also no replacement for properly educating staff. These are things that must still go on.
No More Ransomware involved in an arms race
Cyber security is an arms race. As fast as a solution appears for one piece of malware or in this case ransomware, the bad actors release something new. This is the long term challenge for No More Ransomware. At present it doesn’t look to gather information from users about their infections. All it does it enable them to clean it.
There is a need to add a mechanism that gathers the threat intelligence and infection process data. This will provide information on how users got infected. While the majority of the data will just add to that already held, it will generate new discoveries. These are important as they may include information about which exploit kit, phishing message or security breach enabled the infection.
The establishment of No More Ransomware is a good start. It has brought the majority of European police forces into the project. Including Columbia as a first non-EU country is a surprise but to be welcomed. It now needs to bring those countries where a lot of infections are hosted to come on-board. The addition of the USA, Brazil, China and Russia would make this a very powerful project. Without them it is important but lacks access to the in-country intelligence around the malware and ransomware communities.