Bitdefender joins No More Ransom

Security vendor Bitdefender has joined the Europol supported No More Ransom project. The goal of the project is to provide free tools for users to help them unlock machines infected by ransomware. Bitdefender is the sixth security vendor to contribute tools to the project alongside Trend Micro and founders Kaspersky and Intel Security (McAfee).

Catalin Cosoi, Chief Security Strategist, Bitdefender said: “With estimates of ransomware induced financial losses nearing the billion dollar mark by the end of 2016, traditional security mechanism and technologies have fallen short of a complete defense against this type of threat.”

Ransomware an ever growing threat

Yesterday IBM Security published a report showing that 70% of businesses infected with Ransomware in the US have paid up. Some 20% of companies paid over $40,000 to have machines unlocked. Surprisingly the US has so far opted out of the No More Ransom project. Part of the reason for that could be that this started as a European project. It has now expanded to encompass Columbia and Singapore with more countries likely to join in 2017.

It is not just new variations of ransomware that are infecting machines by evading endpoint protection. Ransomware authors are running distribution programs with high rewards for those who infect machines. A single corporate infection could net a reward payment of over $30,000 for the person who gets the code onto the machines. This is making it a very lucrative market for young hackers looking for easy cash.

20 tools and growing

There are now more than 20 free decryptor tools that can be downloaded from the No More Ransom website. This includes a decryptor for the Linux.Encoder ransomware contributed by Bitdefender. While these only address a limited number of the ransomware variants out there it is a start.

Surprisingly there are no stats on the website to say how many times tools have been download. There also appears to be no way for Europol or others to track the effectiveness of No More Ransom. This is disappointing. While consumers will quickly turn to free tools, businesses tend to want proof of efficacy. We have emailed the Europol EC3 press office asking if they have any numbers for tool downloads but so far there has been no response.

Bitdefender tips for avoiding ransomware

Bitdefender has provided a set of tips to help companies and users stay safe from ransomware. For users it says:

• Use a known, award-winning security suite
• Patch or update your software to avoid known vulnerabilities from being exploited and used to infect your system
• Back up your data
• Enable the “Show hidden file extension” option. This will help identify suspicious files that have been named “.ZIP.EXE” and prevent their execution

Companies, meanwhile, are strongly encouraged to:

• Use an endpoint security solution
• Patch or update all endpoint software and webservers
• Deploy a backup solution
• Disable files from running in locations such as “AppData/LocalAppData” and deploy policies that restrict users from executing malware
• Limit users from accessing mapped network drives
• Protect email servers with content filtering solutions
• Educate employees on identifying spear-phishing emails and other social engineering techniques.

Conclusion

The threat from Ransomware will continue to grow in 2017 according to most of the security predictions we have received. It is a dangerous threat that forces companies to pay out if they do not have a proper process for stopping it. There is a small but growing number of security vendors who believe that they can prevent attacks. They go so far as to offer guarantees to users and companies. The problem is that the rewards are good and until we get a wider set of tools that will block ransomware from infecting machines, hackers will continue to profit from this malware.