Community Efforts Against Ransomware
Ransomware attacks are loud by nature: they immediately inform the user of the device that their files are encrypted and that they need to “pay” the ransom for the files to be restored. It is already 2019, and there is still much ransomware in the wild. Everyone is at risk, especially those who do not practice safe computing habits. There are also no exemptions when it comes to target victims: everything from a small hospital in a rural location to the Chinese government’s internal network has fallen for ransomware.
The year 2017 was a great year to be a ransomware developer, given that the WannaCry infection alone earned them an estimated $4 billion worth of ransom money in Bitcoins. It does not stop there, given that many computers online lack credible backup systems, which could be the single most important defense against ransomware infection. Restoring clean copies of the files from a reliable backup takes only a fraction of the time, compared to paying the ransom in the hope that the decryption key will be released by the ransomware authors.
Last year, we did not see any improvement when it comes to reducing the number of ransomware victims, as ransomware authors collectively earned $8 billion globally that year. There are still victims who continue paying the ransom, even though there are countermeasures against ransomware infection.
Second only to backup systems, the Internet community itself has joined hands in enabling victims of ransomware to decrypt the files they have lost. The movement is called NoMoreRansom.org, a non-profit organization with the goal of defeating ransomware encryption algorithms and producing decrypters so that victims can restore their files on their own without paying anything to the ransomware authors.
NoMoreRansom.org strongly discourages victims from paying the ransom, given that ransomware authors may make programming mistakes in their creation that leave the decryption key inaccessible even to themselves. Paying the ransom is no guarantee that the files will be decrypted to their original state.
“The ‘No More Ransom’ project has just started, but we are continuously working with other security companies and law enforcement agencies to identify as many keys as possible, for as many variants as possible. Sometimes paying the ransom also works, but there is no guarantee that paying will actually lead to your files being decrypted. In addition, you’re supporting the criminal’s business model and thus are partly responsible for more and more people getting infected with ransomware,” the NoMoreRansom blog explained on its official Q&A page.
The project is officially supported by the European Cybercrime Centre, McAfee and Amazon Web Services. It takes a while for the project to develop a decrypter program against a particular ransomware variant, but most of the ransomware in the wild at the moment is well documented by their team. Decryptors provided by NoMoreRansom are free of charge and easy to use: the user just needs to download the program and run the provided executable with administrative access. The process is fully automated, and it reproduces the decryption key that restores the files to their usable state, all without any reformatting.