Public-Private Team Leads Assault on Ransomware


Ransomware has become a scourge on the Internet -- but two information security companies, along with a pair of law enforcement agencies, this week launched an initiative to do something about it.

No More Ransom is the centerpiece of a collaborative effort involving Kapersky Lab, Intel Security, the Dutch National Police and Europol. The new portal aims to educate the public about ransomware -- a form of malicious software that locks a computer or mobile device until a ransom is paid.

In addition to explaining how ransomware works and how to protect against it, the site helps victims avoid paying off Net bandits through tools capable of unscrambling data scrambled by some strains of malware.

"The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back," said Jornt van der Wiel, a security researcher at Kaspersky.

"That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result," he added. "We can only change the situation if we coordinate our efforts to fight against ransomware."

For an effort like No More Ransom to be effective, its sponsors need to build public awareness of the site, noted Nathan Wenzler, principal security architect at AsTech Consulting.

"It's absolutely a step in the right direction, but promotion is key so that people take note of the steps listed in the site before they're infected rather than after the fact," he told the E-Commerce Times.

The site itself does a good job of centralizing information about ransomware, observed Marc Laliberte, an information security threat analyst at WatchGuard Technologies.

"A lot of the information isn't new," he told the E-Commerce Times. "It's been floating around the Internet and echoed by all sorts of people, but this the first site that I've seen that really takes every piece of the puzzle when it comes to defeating ransomware and puts it all on one site."

The No More Ransom initiative is a bit unusual because it's a noncommercial initiative aimed at bringing public and private institutions under a single umbrella.

"I've seen a lot of security organizations come out with their own advice, but I've never seen a nonprofit like this that cares about people and helping them fix their problems," said Charity Willhoit, an intelligence analyst with Armor.

"The truth is, most people are not going to be able to go out there and buy tools and buy advice from a security company," she told the E-Commerce Times. "Having this free opportunity on the open Web is just perfect, because the majority of the victims are going to be people, not organizations."

That separates No More Ransom from the typical public-private partnership.

"This collaboration goes beyond intelligence sharing, consumer education and takedowns to actually help repair the damage inflicted upon victims," noted Raj Samani, EMEA CTO for Intel Security. "By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with a ransom payment."

The site can make a valuable contribution in the fight against ransomware just by bringing attention to the problem.

"Preventing ransomware requires a high degree of awareness, but awareness of ransomware now is abysmally low," Seclore CEO Vishal Gupta told the E-Commerce Times.

The site's offering of tools to decrypt, or unscramble, files garbled by ransomware is also a welcome service.

"It's useful to be able to get these kinds of decryption tools from a reliable source rather than just searching for them online," said Cyberreason CISO Israel Barak.

"A lot of people get infected with secondary malware or even additional ransomware when they look for solutions and decryption tools by clicking the first link they see on Google," he told the E-Commerce Times.

Users -- especially business users -- need to remain vigilant about ransomware, warned Craig Spiezle, executive director of the Online Trust Alliance.

"There are new variants of ransomware online every day. These variants are not targeting you and me as desktop users. They're being very precise and targeting specific companies," he told the E-Commerce Times. "Ransomware is evolving. It is no longer a crime of opportunity. They're no longer looking at the $500 hit. They're looking at the $50,000 payoffs."

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    HummingBad Malware Infects 85 Million Android Devices

    A group of Chinese hackers dubbed Yingmob is using a sophisticated malware campaign called HummingBad to access and sell the info stored on Android devices.The report tracked a group of hackers called Yingmob in China that controls an arsenal of more than 85 million mobile devices around the world.
  • 5300c769af79e

    Awesome tech you can’t buy yet: A camera with brains, turbo toothbrush, and more

    It’s a clever smartwatch-inspired action cam that uses machine-learning algorithms to edit and shorten long video sequences.Dollo3D — Self-replicating 3D printer A self-replicating machine that makes other self-replicating machines sounds like the premise of a post-apocalyptic sci-fi thriller flick — but it’s also the concept behind a nifty new Kickstarter campaign.
  • 5300c769af79e

    Tale of Two Launches: OnePlus 3 the Good, Moto Z the Terrible

    To recap, Moto unveiled the Moto Z and Moto Z Force, along with DROID Editions that will launch exclusively on Verizon this summer, before arriving as GSM unlocked phones in the fall.Well, the Moto Z will arrive as an unlocked GSM phone, the Moto Z Force is a Verizon exclusive forever here in the US.
  • 5300c769af79e

    BYOD Doesn't Have to be Your Biggest Headache

    Download 8 Best Practices to Protect Your Enterprise NetworkSmartphones and other personal devices can now be found in most businesses as users are staying connected to the corporate network from anywhere, any time.It's the stuff that keeps IT and security managers up at night - mobile users, multiple devices per user, and enterprise data on the move.