On the sixth anniversary of its founding, the No More Ransom project has revealed it has helped more than 1.5 million people successfully decrypt their devices and regain access to their data without the need to pay a ransom in the wake of a cyber attack.
A project of the Dutch Police’s National High Tech Crime Unit, the European Cybercrime Centre at Europol, and cyber kingpins Kaspersky and McAfee, No More Ransom was inaugurated in 2016, with the core of its work centring the dissemination of free ransomware decryptors to victims.
Over its lifetime, it has gone from offering tools to unlock data encrypted by four different ransomwares, to offering 136 decryptors for 165 different ransomware families, including some of the biggest “hitters” of recent years, such as Babuk, Maze, and REvil/Sodinokibi.
The scheme now boasts more than 180 contributors, and besides straight up decryption tools, it also provides general information on ransomware, advice and guidance for dealing with ransomware incidents, and instructions on how to report cyber crime in more than 30 jurisdictions, including the UK.
“Ransomware is an effective way to get money from victims and remains one of the biggest cyber security concerns,” said Jornt van der Weil, a security researcher at Kaspersky’s Global Research and Analysis Team. “In just the first three months of 2022, more than 74,000 unique users were found to have been exposed to this type of threat – and all of these attacks were successfully detected.
“This has led to an increase in the tendency to help these initiatives, and I’m extremely happy that we are able to assist people and companies in restoring their digital assets without paying the attackers. This way we hit the criminals where it hurts – their business model – as users are no longer forced to pay to decrypt their data. We will keep on fighting ransomware with our existing and future partners.”
Sources of course differ in terms of how impactful ransomware actually is – quarterly reports of the type favoured by large cyber security firms are not necessarily to be implicitly trusted because they inevitably rely on data drawn from proprietary internal services.
However, multiple recent reports have suggested that while ransomware remains a clear and present danger, there are some signs that the heat is going out of the “market”.
Check Point, for example, this week released data showing that while ransomware attack volumes have increased, affecting one in 40 organisations worldwide every week, in Europe, there was a slight year-on-year decline, with only one in 66 organisations affected.
Meanwhile, Cisco Talos’ Incident Response unit, which has just made public data covering Q2, found that ransomware no longer dominates the threat landscape, with commodity malwares the top threat seen in its telemetry between April 1 and June 30, comprising 20% of all threats compared with ransomware’s 15%. The firm’s researchers speculated that law enforcement takedowns and internal fracturing in ransomware gangs may have played a role in this.
SonicWall, which also has a half-yearly threat report out this week, said that June 2022 saw the lowest monthly ransomware volumes worldwide in two years, attributable to a combination of government sanctions, supply chain deficiencies, cratering cryptocurrency prices and limited availability of needed infrastructure making life much harder for ransomware gangs.
However, in contrast to Check Point, SonicWall’s telemetry saw a 63% rise in ransomware attacks in Europe, suggesting a regional shift in the cyber crime landscape is underway, at least part of which may be attributable to factors linked to the war on Ukraine.
While a truly accurate picture is impossible to discern, defenders should be under no illusions that the threat of ransomware is passing – it is not – and the optimal course of action when dealing with this kind of criminality is to try to prevent it in the first place, rather than address it after the fact.
UK organisations can access ransomware mitigation advice from the National Cyber Security Centre.