[NoMoreRansom] Law enforcement and IT security companies join forces to fight ransomware

Discussion in 'malware problems & news' started by ronjor, Jul 25, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    59,254
    Location:
    Texas
    Help Net Security, July 25, 2016
     
  2. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,687
    The site of No More Ransom is https://www.nomoreransom.org/

     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,031
    FanJ

    I was looking over that site earlier this morning. I got the link from PC Mag's article. It doesn't appear to have been around very long.
     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,687
    Hi boredog,

    Indeed, it seems to be very new. It was on Monday at the TV News and in newspapers in Holland.
    I don't know whether it will be a success, but any and all attention to the general public about ransomware is, I guess, good.
    But what I don't understand is why only Kaspersky Lab and Intel Security. You would think the more AV/AM/etc companies involved, the better. Now I know the site is telling "This initiative is open to other public and private parties". But it is still puzzling me.
     
  5. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,687
  6. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,164
    Actually it was in the Software, Hardware and General Services forum and I put it there because I figured folks not following this forum would benefit.
     
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,687
    Hey bgoodman4,
    The more attention the No More Ransom project can get the better, I guess; so thanks!

    =====

    Hawki was so kind to post the thread Wildfire ransomware code cracked in which the No More Ransom project was mentioned.
    The Dutch site security.nl has also an article about it, in Dutch.

    Related to a remark by me in reply # 4 here in this thread might be some remarks by Raj Samani, CTO of Intel Security, in that security.nl article. According to that article Samani told security.nl that in the near future two more partners will be announced, and that more organizations have asked to be involved. (no names were mentioned, so let's wait).
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,687
    A list of the decryption tools currently available at the No More Ransom project site can be found here:
    https://www.nomoreransom.org/decryption-tools.html
    It gives info about which ransomware can be decrypted, versions, how-to-guides, and the actual downloads.
     
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,687
    It has just been recently that I became aware of several blogs about the No More Ransom project and related topics. A bit late, I know, sorry. And forgive me in case some links were already posted.

    First about the advice from Europol and the No More Ransom project to not pay the ransom in case your files are locked by ransomware.

    1. An article by Kevin Townsend on 4 August 2016 at SecurityWeek
    40 Percent of Companies Will Pay the Ransom
    It becomes clear that opinions differ whether or not to pay ransom.
    2. That article was commenting on a survey report by Osterman Research commissioned by Malwarebytes.
    Understanding the Depth of the Global Ransomware Problem
    3. A blog by David Harley on 22 Aug 2016 at the Eset site.
    Ransomware: To pay or not to pay?
    That blog gives also comments on the question whether or not to pay ransom.

    Second, and now I come more close.

    4. An article on 25 July 2016 at Infosecurity by Dan Raywood.
    Vendors, Police and Europol Begin Ransomware Fightback
    Third. [3] and [4] are guiding me to the question that has puzzled me from the beginning.

    5. An article by David Harley at AVIEN, the official blog of the Anti-Virus Information Exchange Network.
    Europol says No More Ransom
    In that article is a list given with decryption tools and they are not only from Intel Security and Kaspersky. And there are more of such tools available on the internet. It looks like I wasn't the only one who was asking why only those two companies.
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    59,254
    Location:
    Texas
    No More Ransom Alliance Gains Momentum
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,687
    Ron, thank you for that article! Appreciated!

    I am really glad that more companies have joined now.
    Two quotes from that article:

    I see several decryption tools from those new partners. https://www.nomoreransom.org/decryption-tools.html

    And:
    While we will not know what the reasons are for not being able to sign a legal agreement (that's probably not our business), it is also good to see those companies becoming "supporting" partners.

    PS:
    At the bottom of https://www.nomoreransom.org/ I don't see the new partners mentioned (I don't know whether that will change).
     
  12. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,687
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    59,254
    Location:
    Texas
    By Kevin Townsend on April 04, 2017
     
  14. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,687
    Thanks Ron !

    Some more:

    Hawki posted in this post this article:
    https://www.helpnetsecurity.com/2017/04/05/ransomware-decryption-tools/

    Europol Press Release on 4 April 2017 :
    https://www.europol.europa.eu/newsr...ord-number-of-partners-join-global-initiative
    That press release gives a lot of info.

    There has been some discussion about a month ago at the Dutch site Security.nl about the numbers (sorry, in Dutch):
    https://www.security.nl/posting/506198/Politie helpt 75_000 slachtoffers van ransomware
    Discussions like: only visitors of the NoMoreRansom site or actual decryptions that took place.
    In a new article at Security.nl from 4 April 2017 there is some more info about the numbers (article again in Dutch).
    That new article says: Since the start of the project 100.000 users have uploaded a file to try to let it decrypt. In 75% of the cases the decryption was successful, which makes the number 75.000.
    In the Europol Press Release of 4 April 2017 the number of 10.000 was mentioned. The author of that Security.nl article says they had contact with Kaspersky and were told that that number 10.000 is the total of successful decryptions via NoMoreRansom by the Kaspersky tools since 1 December 2016. The number 75.000 is the total decryptions by all partners involved in the project.
    The numbers are a bit confusing, and so are the dates (is it from the start of the project, or from 1 December 2016?); sometimes you would wish for more exact wording...
    Anyways, as long as users have a centralised portal to where they can submit encrypted files to try to let them decrypt, and companies and organisations work together to make that happen, I guess we all should be glad (even when companies/organisations have also their own interests, which of course can also be understood). Just work together! Peace.
     
    Last edited: Apr 7, 2017