Sometimes, the good guys fight back. As ransomware attacks increased over the past decade, law enforcement and the security industry joined forces to tackle the threat. Today, 27 July, marks the fourth anniversary of that collaboration, No More Ransom.
No More Ransom launched in July 2016 as a joint initiative of the Dutch National Police, Europol, Intel Security and Kaspersky Lab. It’s a free scheme that lets victims of ransomware recover their files without having to pay their attackers.
Later that same year, BH Consulting was among the first companies to join No More Ransom as a partner. Since then, the non-commercial group has grown to include 163 organisations from across the public and private sectors. They dedicate their time and expertise to helping the cause and keeping money out of criminals’ pockets.
No More Ransom’s achievements
The project has published an infographic with some of the key milestones since it began. Since it first launched, the portal has had more than 4.2 million visitors from 188 countries. It has prevented an estimated $632 million (€539 million) in ransom demands from ending up in criminals’ pockets.
In the past year, the nomoreransom.org portal has added 28 tools and can now decrypt 140 different types of ransomware infections. The portal is available in 36 languages.
Despite the efforts of No More Ransom, criminals’ work shows no signs of letting up. In a press release, Europol noted that the COVID-19 pandemic hasn’t put a dent in ransomware’s rise. “While the world is in the grip of a coronavirus outbreak, another virus is quietly wreaking havoc. Although this virus has been around for years, its cases have been rising alarmingly in the past few months and has brought critical activities such as hospitals and governments to a standstill,” it said.
From the criminal’s perspective, ransomware works because it’s easy to deploy and its financial hit is so immediate. A social engineering attack like phishing is an easy route into a target’s IT systems. Once ransomware infects a victim’s computer or server, it blocks access to their files unless they pay to have them released.
Some strains of ransomware threaten to destroy files permanently if the victim doesn’t pay the ransom, upping the pressure on them to give in. Victims often face severe disruption to normal operations – literally in the case of hospitals. Other high-profile victims like Maersk were forced to go back to paper operations just to keep running.
The risk keeps rising
Separately, a recent survey from Sophos shows just how much of a risk ransomware now is. After polling 5,000 IT professionals across 26 countries, it found that 51 per cent were hit in the past year alone. In 73 per cent of cases, the attacks successfully encrypted a victim’s data and stopped them accessing it.
Just over a quarter of victims (26 per cent) whose data was encrypted got their data back by paying the ransom. A further 1 per cent paid the ransom but didn’t get their data back. Most organisations whose data was encrypted (94 per cent) got it back. More than twice as many got it back via backups (56 per cent) as by paying the ransom. In separate research, the cyber insurer Hiscox found that 6.5 per cent of Irish firms paid up following a ransomware attack.
Prevention still the best cure
No More Ransom goes a long way to help people impacted by ransomware, but new variants are appearing all the time. Some infections don’t have a decryption tool available yet. Fortunately, there are some preventative steps you can take to protect yourself from ransomware:
- Always keep a copy of your most important files somewhere else: in the cloud, on another drive offline, on a memory stick, or on another computer
- Use reliable and up-to-date anti-malware software
- Don’t download executable files from suspicious or unknown sources
- Don’t open attachments in emails from unknown senders, even if they look important and credible