No More Ransom Thwarts $108 Million in Ill-Gotten Profits

Europol Marks Three-Year Anniversary of Non-Profit Security Initiative

Three years since its launch, the No More Ransom project, an initiative between law enforcement and private companies, has assisted more than 200,000 ransomware victims and prevented $108 million from being paid out in ill-gotten profits, according to Europol - one of its founding members.

Launched in July 2016 in collaboration with Europol - the European Union's law enforcement intelligence agency - as well as the High Tech Crime Unit of the Netherlands' police, Kaspersky Lab and McAfee, the non-profit initiative has been instrumental in tackling ransomware attacks, including GandCrab and Shade, by releasing free-to-use decryption tools which are downloadable from the project's online portal (see: 'No More Ransom' Portal Offers Respite From Ransomware).

Since its launch, No More Ransom has identified 108 ransomware variants and now offers 82 different types of decrypting tools, according to Europol, which released an update Friday. In addition, the organization's website and online portal have recorded some 3 million visitors since its launch in 2016, the agency says.

"When we take a close look at ransomware, we see how easy a device can be infected in a matter of seconds," says Steven Wilson, the head of Europol’s European Cybercrime Centre. "A wrong click and databases, pictures and a life of memories can disappear forever. No More Ransom brings hope to the victims, a real window of opportunity, but also delivers a clear message to the criminals: the international community stands together with a common goal, operational successes are and will continue to bring the offenders to justice."

Expanding Membership

Other businesses and government organizations that have joined since its launch include Amazon Web Services, Barracuda Networks, F-Secure, MasterCard and the European Banking Federation, according to Europol.

In addition to support from these businesses and organizations, security vendors such as Emsisoft, Avast and Bitdefender have been active in creating the decryption tools needed to thwart these ransomware attacks and decrypt victims' files, according to Europol.

Besides the 101 public and private businesses and organizations involved, the No More Ransom project includes 42 different law enforcement agencies from around the world, along with five different European Union agencies.

Initially launched in Europe, the No More Ransom project has also expanded to 188 countries around the world, and now offers additional services to ransomware victims such as direct crime reporting and precautionary advice in 36 different languages. South Korea and the U.S. are now the biggest users of the portal, according to Europol statistics.

Fighting GandCrab

One of No More Ransom's biggest successes has been attempting to stop the GandCrab ransomware by releasing a series of decryption tools that helped nearly 40,000 people who have been affected over the course of the past two years, according to Europol.

The first of these tools was developed in February 2018 by police in Romania, Europol and Bitdefender, which is also based in Romania.

As part of the recovery process, victims were required to download the tool from either No More Ransom's portal or Bitdefender's website and scan their systems to unlock the data. Europol estimates that the decryption tool saved nearly $50 million in ransom payments.

GandCrab, which first appeared in January 2018, was created as a ransomware-as-a-service tool, which different cybercriminals could use as part of various schemes and attacks. Security experts say "affiliates" could sign up to use GandCrab under terms and conditions that included the GandCrab gang getting a 40 percent cut of all ransoms paid by victims.

Over the course of several months, the creators of GandCrab continued to release new variants of the ransomware, which required police and security vendors to create new decryption tools to unlock victims' files.

During its height, GandCrab infected over 500,000 victims worldwide and caused more than $300 million in losses, according to estimates by the FBI. Over the past several months, however, GandCrab has faded as a threat, according to new estimates by security firm Coveware (see: Ransomware: As GandCrab Retires, Sodinokibi Rises).

One of the reasons is the work of the No More Ransom portal.

This series of GandCrab ransomware attacks finally came to a head in June, when No More Ransom released a free decryption tool for all versions of GandCrab ransomware that have been spotted in the wild. These tools were developed with Europol, the FBI, a number of different European-based law enforcement agencies and Bitdefender.

Later, on July 17, the FBI sent out a flash alert that contained the master keys needed to decrypt GandCrab.

At about the same time, the creators of GandCrab had announced on various underground forums that they planned to retire the ransomware. Whether that decision was due to increasing pressure from law enforcement or a different motive is not clear.

About the Author

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
