Cybercrime

Public-Private Team Leads Assault on Ransomware

ransomware

Ransomware has become a scourge on the Internet — but two information security companies, along with a pair of law enforcement agencies, this week launched an initiative to do something about it.

No More Ransom is the centerpiece of a collaborative effort involving Kapersky Lab, Intel Security, the Dutch National Police and Europol. The new portal aims to educate the public about ransomware — a form of malicious software that locks a computer or mobile device until a ransom is paid.

In addition to explaining how ransomware works and how to protect against it, the site helps victims avoid paying off Net bandits through tools capable of unscrambling data scrambled by some strains of malware.

“The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back,” said Jornt van der Wiel, a security researcher at Kaspersky.

“That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result,” he added. “We can only change the situation if we coordinate our efforts to fight against ransomware.”

Ransomware Central

For an effort like No More Ransom to be effective, its sponsors need to build public awareness of the site, noted Nathan Wenzler, principal security architect at AsTech Consulting.

“It’s absolutely a step in the right direction, but promotion is key so that people take note of the steps listed in the site before they’re infected rather than after the fact,” he told the E-Commerce Times.

The site itself does a good job of centralizing information about ransomware, observed Marc Laliberte, an information security threat analyst at WatchGuard Technologies.

“A lot of the information isn’t new,” he told the E-Commerce Times. “It’s been floating around the Internet and echoed by all sorts of people, but this the first site that I’ve seen that really takes every piece of the puzzle when it comes to defeating ransomware and puts it all on one site.”

The No More Ransom initiative is a bit unusual because it’s a noncommercial initiative aimed at bringing public and private institutions under a single umbrella.

“I’ve seen a lot of security organizations come out with their own advice, but I’ve never seen a nonprofit like this that cares about people and helping them fix their problems,” said Charity Willhoit, an intelligence analyst with Armor.

“The truth is, most people are not going to be able to go out there and buy tools and buy advice from a security company,” she told the E-Commerce Times. “Having this free opportunity on the open Web is just perfect, because the majority of the victims are going to be people, not organizations.”

That separates No More Ransom from the typical public-private partnership.

“This collaboration goes beyond intelligence sharing, consumer education and takedowns to actually help repair the damage inflicted upon victims,” noted Raj Samani, EMEA CTO for Intel Security. “By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with a ransom payment.”

Safe Toolshed

The site can make a valuable contribution in the fight against ransomware just by bringing attention to the problem.

“Preventing ransomware requires a high degree of awareness, but awareness of ransomware now is abysmally low,” Seclore CEO Vishal Gupta told the E-Commerce Times.

The site’s offering of tools to decrypt, or unscramble, files garbled by ransomware is also a welcome service.

“It’s useful to be able to get these kinds of decryption tools from a reliable source rather than just searching for them online,” said Cyberreason CISO Israel Barak.

“A lot of people get infected with secondary malware or even additional ransomware when they look for solutions and decryption tools by clicking the first link they see on Google,” he told the E-Commerce Times.

Users — especially business users — need to remain vigilant about ransomware, warned Craig Spiezle, executive director of the Online Trust Alliance.

“There are new variants of ransomware online every day. These variants are not targeting you and me as desktop users. They’re being very precise and targeting specific companies,” he told the E-Commerce Times. “Ransomware is evolving. It is no longer a crime of opportunity. They’re no longer looking at the $500 hit. They’re looking at the $50,000 payoffs.”

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by John P. Mello Jr.
More in Cybercrime

E-Commerce Times Channels