No More Ransom Collects More Backers and Keys

Written by

The No More Ransom project has confirmed that 15 new decryption tools have been added to the platform, bringing the total offering to 39 decryption tools since its launch nine months ago.

Having helped over 10,000 ransomware victims globally, the initiative has today added AVAST, CERT Polska and Telefonica’s Cyber Security Unit 'Eleven Paths' as associate partners, bringing the number to seven. Also, 30 new supporting partners are joining the program to bring the total to 76, including Interpol, ENISA and the Global Cyber Alliance, and vendors Crowdstrike, SentinelOne and Verizon Enterprise Solutions.

Statistics show that most visitors to the platform come from Russia, the Netherlands, the United States, Italy and Germany.

Speaking to Infosecurity, David Emm, senior security researcher at Kaspersky Lab – a founding member of No More Ransom – said that he expected there to be more interest in backing the initiative, but not from businesses as it is aimed at people dealing with and researching ransomware.

“It seems to have built up a good head of steam, but it highlights the benefit of pulling it all together, not least from the point of view of the customers as it is a single point of resources,” he said. “When you are in the middle of a problem, the last thing you want to do is trawl from site to site, but this is one place to help you get back to business as fast as you can.”

Also released today were new statistics from SecureWorks, whose survey of 230 organizations found that 52% of security leaders rate their organizations at above average or superior when it comes to detecting or blocking ransomware, whilest 76% see ransomware as a significant business threat and 56% have a ransomware response plan.

Keith Jarvis, senior security researcher at SecureWorks, said in the report that he felt that most organizations have come to terms with ransomware as a threat, being part of the so-called internet weather that all organizations endure.

“So I think everybody in every potential industry vertical is being targeted with ransomware on a daily basis,” he explained. “Over the ensuing three to four years, people have come to terms with the fact that they’re going to be attacked with this stuff whether or not the threat actors are targeting them specifically. Just by virtue of their presence on the internet, they’re going to see a lot of this coming into their network.

He recommended users “take all measures to prevent ransomware infections,” but when they do occur, ensure the impact is inconsequential. “So by that, if they do have data loss from a ransomware attack, ensure that they’re able to get that data back,” he added.

“They don’t have to sit back and wring their hands over ‘should we pay?’ If we do pay are we going to get this data back? Is it going to be tampered with? Are the people responsible for this attack able to exfiltrate our data, and now do they have that for resale or for their own use?”

In an email to Infosecurity, Maxine Holt, principal analyst at the Information Security Forum, said that it is not surprising that over three-quarters of survey respondents view ransomware as a specific threat. “The next step is to mitigate the risks arising from threats, so it is likely that the huge growth in ransomware in 2016 reinforced the threat with organizations (hence 76%) and 2017 is seeing enterprises beginning to do something about it,” she said.

“There may be more organizations that have implemented controls to mitigate risks from threats, but haven’t yet developed a follow-up response plan to deal with breaches.

“Ransomware attacks are consistently on the rise, and the threats from the internet of things are making these attacks even more prevalent – the ISF’s Threat Horizon 2019 report points out that every organization should take immediate action on ransomware and put in place appropriate business continuity plans.”

Emm told Infosecurity that what interested him in these statistics was that attackers realize the success behind the attacks, as they wouldn’t put the development in otherwise. “In our research we found that 20% had businesses in their sights and that will ramp up as people realize businesses have more to lose and the potential ransom demand can go up,” he said.

“I think it is possible that businesses think ‘it won’t be us’ and looking at the scheme of priority, it is not that high up but it is climbing up the focus list.”

What’s hot on Infosecurity Magazine?