GCA Spotlight Series: No More Ransom

By Krista Montie

The dreaded “You’ve been P’Owned” message is something no one wants to see. It could mean someone has taken over your system and is holding your information ransom. Ransomware has exploded and is a significant threat to businesses, governments and individuals. Enterprise ransomware is up 12% and mobile ransomware is up 33% according to Symantec’s 2019 Internet Threat Security Report.  

One organization taking a proactive approach to address the growing epidemic is No More Ransom, a joint initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre (EC3) and McAfee. The program, whose laser-focused mission is clearly captured in its succinct name, is focused on helping victims of ransomware retrieve their encrypted data without having to pay the criminals. The heart of the initiative is the No More Ransom portal, which provides free decryption tools for removing known ransomware, along with awareness resources to help users better detect and protect against ransomware.

No More Ransom Project“This program is about awareness and tools. We launched the portal in July 2016, as a result of an initial collaboration with the Dutch police and a very reduced number of internet security companies,” said María Sánchez, EC3’s Cybercrime Prevention & Communication Officer. “The Dutch colleagues had experience working with the private sector on solving ransomware cases and developing decryption tools as a result, so everyone said let’s cooperate on a bigger scale.”

Europol was a logical choice for the project, given its reputation for neutrality and ability to scale. “People trust Europol,” Sánchez said. The initiative takes a completely vendor neutral and non-partisan approach.

And scale it did. The project started small and grew quickly. Currently there are more than 70 tools available through the site, with 143 partners, representing organizations in law enforcement, the security industry and others across the globe. And the number of partners and tools available grow monthly. To date, the project has made possible more than 90,000 successful decryptions, preventing millions of dollars from going to the criminals’ pockets.

At the portal, visitors can use the  CRYPTO SHERIFF feature, providing information about the type of ransomware they are experiencing. If a decryption tool exists for it, they can download it to eradicate the particular ransomware. Not every decryption key is available due to the complex and constantly changing nature of ransomware. No More Ransom continuously works with security companies and law enforcement agencies to identify as many tools as possible, for as many variants as possible. It’s important to note that no information is collected or stored from the victims, which again contributes to the trusted reputation this project has.

The initiative has no budget – everything is done pro bono. “We have a staff of three, including myself, who dedicate their time to this effort along with their regular day jobs at Europol,” said Sánchez. The portal is managed by Europol exclusively and is available in some three dozen languages.  

“We had no idea if we would get support and attention, but we did from day one. We are tremendously grateful to all of the individuals and organizations that have contributed their time and resources to this effort.”

In addition to the hard work of the founding staff, the project is made possible through donations and support from many partners. No More Ransom engages two primary categories of partners: those who give encryption tools, known as Associate Partners; and Supporting Partners, who amplify the message, increase awareness and offer additional support, such as translations of the portal. Supporting partners comprise EU agencies, global law enforcement, and public and private sector entities, including the Global Cyber Alliance. “We work with entities across the US and EU, as well as Asia, Africa, South America, and elsewhere. It’s truly a collaborative effort,” said Sánchez.

The No More Ransom project has developed a strong relationship with law enforcement throughout Europe and globally. The project doesn’t collect any victim data and does not report crimes or incidents to law enforcement, however, the portal facilitates reporting by providing direct links to law enforcement/fraud-related agencies in nearly 40 countries, such as the FBI in the US, Action Fraud, the UK’s national reporting centre for fraud and cybercrime, the Australian Cybercrime Online Reporting Network (ACORN), and the Singapore Police Force, among others.

Sánchez stresses the importance of law enforcement and the private sector working together and cites the strong collaboration as a key ingredient for success. “Law enforcement and private entities hold different pieces of the same puzzle. We have to stay ahead of the criminals and need to get the tools out as fast as possible. By working together, we are better able to do that.”

What does the future look like for No More Ransom? Sánchez and the project team are continuously looking at ways to expand the initiative. “New ransomware is developed all the time, so of course the project needs to evolve in response.”  The project is also looking to see if they can find new ways to measure the impact and improve the statistical reporting of the portal.

Sánchez encourages people to get involved through contacting one of the existing partners. “We are always looking for new decryption tools, translation services, and outreach assistance,” Sánchez notes.

To learn more about No More Ransom, visit the website: https://www.nomoreransom.org/en/index.html