Cyber Security Featured Article

The No More Ransom Project is Poke in the Eye of Ransomware Perpetrators

July 25, 2016

Ransomware may be one of the most insidious new threats to everyday computing since attacks on computers and networks first became common. It is a breed of malware that locks a system and prevents access to its files until a ransom is paid; a subsequent breed called “ranscam” won't even restore access after payment. Ransomware has become a growing scourge that can be protected against, but once a system is infected it creates serious challenges if the target refuses to pay. That is why a new initiative, the No More Ransom Project, commands attention.

The No More Ransom project has been working on a means to break the stranglehold of ransomware and ranscam alike, giving users the very real possibility that a system can be recovered without having to pay a ransom. Staffed by some major backers—including Intel Security, Kaspersky Lab, the Dutch Police, and Europol itself—No More Ransom is geared up to help in a big way.

The group has created what it describes as “a repository of keys and applications that can decrypt data locked by different types of ransomware.” That doesn't necessarily mean that every ransomware victim will be helped here, but rather that there's a good chance that users will come out ahead in the end.

Right now, there are four major tools available for different ransomware types, including CoinVault, Shade, Rannoh and Rakhni, along with CryptXXX, which goes well beyond just locking up a PC and attacks connected drives and even cryptocurrency wallet funds. Another 160,000 keys are available just for Shade users, improving the chances that users will get a system back without having to pay out. Indeed, the No More Ransom project elaborates that: “The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the encryption key you need in return.”

There's one other point to consider in protecting against ransomware: a backup system with an air gap protection scheme. Air gapping is the practice of keeping a computer completely off the Internet, making it virtually impervious to hacks that don't take place in the same room. With such a system storing files in a back room or the like, and users able to restore files onto untainted computers from that stable backup, the threat of ransomware becomes a local one. While a terminal or an endpoint might be locked up and hopelessly tainted, losing an endpoint is as easy a fix as buying a new one. Losing an endpoint with a load of files on it could be a catastrophe.

Tools like No More Ransom's are a welcome addition to the fight against malware in general, and may help to break the threat of ransomware and ranscam. While there is no lack of ingenuity in the bad guy community, and no security solution that cannot be compromised, the trick in security is making it hard for those with malicious intent so they will look elsewhere. Given that hacking is now a huge business and ransomware is a path toward monetization that is growing in frequency and in what is at stake, anything that is a form of deterrent is welcome and you have to like where No More Ransom is going with its efforts.




Edited by Peter Bernstein
