Anti-Ransomware Decryption Toolkit Grows Bigger

The No More Ransom project gains 15 more decryption tools and dozens of new partner organizations.

 

Since its inception last summer, the No More Ransom project, and anti-ransomware initiative formed by the Dutch National Police, Europol, Intel Security and Kaspersky Lab, has been growing by leaps and bounds.

In addition to raising awareness and keeping tabs on the ransomware scene, the group banded together to help victims of regain access to their files without having to pay their attackers. No More Ransom offers tools that can be used to decrypt files affected by popular strains of the malware.

"This collaboration goes beyond intelligence sharing, consumer education, and takedowns to actually help repair the damage inflicted upon victims," said Raj Samani, Intel Security's CTO for the EMEA region, in a July 2016 announcement. "By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with a ransom payment"

At the outset, No More Ransom had four decryption tools. Now, that number has ballooned to 39, announced anti-malware firm Kaspersky Lab.

The latest batch includes decryptors from Avast that target the Alcatraz, Bart, Crypt888, HiddenTear, Noobcrypt and Cryptomix ransomware families. Checkpoint contributed Merry X-Mas and BarRax decryptors while Kaspersky issued new updates to its Rakhni and Rannoh decryptors.

Although decryption tools exist, users should remain vigilant, secure their PCs and backup their data regularly. The No More Ransom project warns on its website that recovery may not be possible if victims are hit with some types of ransomware.

The No More Ransom roster of supporting partners has also grown. Newcomers include Acronis, Crowdstrike, Verizon Enterprise Solutions, and INTERPOL. In total, the program has gathered 76 participating organizations across the globe.

Meanwhile, Kaspersky is warning businesses of targeted ransomware attacks on their systems and servers.

Anton Ivanov, senior malware analyst at Kaspersky, noted that some professional attackers "carefully select targets (major companies with a large number of network nodes), and organize attacks that can last weeks and go through several stages," in a blog post. Those carefully-planned stages include searching for victims and penetrating a corporate network by using exploits or trojans.

Their efforts to install an encryptor also involve studying a network's topology once they gain a foothold and acquiring the proper administrative rights to drop the payload on all the nodes on a network.

"To ensure comprehensive security of an organization's network, it is necessary to audit the software installed on all nodes and servers of the network," advised Ivanov. "If any outdated software is discovered, then it should be updated immediately. Additionally, network administrators should ensure all types of remote access are reliably protected."