Kaspersky’s ransomware fight gains international support

19 Oct 2016

Ransomware. Image: Christiaan Colen/Flickr/CC BY-SA 2.0

The growing threat of ransomware and its damaging and costly effect on the online environment has seen 13 new state bodies join Kaspersky Lab’s No More Ransom project.

Earlier this year, Europol, Kaspersky Lab and Intel joined forces to tackle the exponential rise in ransomware.

Since then the threat has grown, but those looking to fight back have also grown in number. Creating No More Ransom, the original trio sought international collaboration to spread the tools already available for internet users, to help negate the need to hand over ransoms.

Ransomware

Growing support

The response, though slow at first, is now emphatic. In recent weeks, 13 new state security bodies have joined the fold in a collaboration that really relies on numbers.

“We will keep growing when we get more successes,” said Jornt van der Wiel, security researcher at Kaspersky’s Benelux site. “When we tried to start this project, various parties showed interest. But after we had our first two successes, that’s when we had much, much more interest.”

The more the better, according to Van der Wiel, as he urged that “we really should try to fight this all together”.

The successes are all listed on the main site, with seven types of ransomware now fully cured, with their decrypt software free and available for users who were affected.

Chimera, TeslaCrypt, Shade, CoinVault, Rannoh, Rakhni and Wildfire variants all feature, with the latter achieving the most interest.

Ransomware unmasked

“Wildfire is a great example,” said Van der Wiel, detailing the number of those infected, cured and even who paid out.

There were 5,800 keys in total found on servers secured by police, with around 5,500 represented in actual infections. “The other 300, give or take, would be made up of researchers and antivirus security professionals testing themselves.”

The app was launched some 25,000 times, with nearly 1,000 successful decryptions. In the project’s first three months, 2,500 people successfully decrypted their files through the seven decryptors instead of paying ransom to criminals.

Taking into account the average price criminals ask as a ransom, Kaspersky Lab estimates that the No More Ransom project has already helped people to save more than $1m.

All aspects of cybercrime are on an upward curve, and have been for some time, according to Europol’s annual threat report.

Called the 2016 Internet Organised Crime Threat Assessment, it highlights an “expanding cyber-criminal economy” that is entrenched in an increasingly internet-reliant age.

The reports states that a number of EU countries may be at a point where reporting of cybercrime now outnumbers that of more traditional crimes.

Now the norm

Interestingly, attacks such as ransomware “have become the norm”, overshadowing traditional malware threats such as banking trojans.

Kaspersky Lab is hardly arguing that assumption. Noting the varied standard in ransomware campaigns, Van der Wiel referenced one or two incredibly well-tailored projects.

“Some are ones where you wonder how it is even possible that somebody falls for it and gets infected, a terribly written email or something like that, with a dodgy application.

“In other cases, it’s quite advanced. One campaign targeting SMEs that we saw was interesting. They said they were from a transport company, and had tried to deliver a package to the address of the company. ‘If you want to get the package visit our website, download form and fill it in for us.’

“The physical address of the targeted companies was something we hadn’t seen before. The email was in flawless Dutch. Really, really well written.”

Another stage in the evolution of ransomware is the cyber-criminals’ ability to gauge a decent price point, often around the €200 mark per attack.

Once infected, your files are encrypted. If you’re an SME with outsourced IT, you ask for your backed-up data with the IT company charging, say, €500 to retrieve it all. If the ransomware deal is cheaper, which do you go with? “It’s a simple decision,” said Van der Wiel.

Sometimes you have to hold your hands up, as the ongoing level of risk with working in the online world means nobody is ever 100pc safe. However, there are ways to mitigate the risk.

When you browse the web without an updated browser, it could contain some security vulnerabilities. Simply visiting a website could be enough to get infected with ransomware.

Stick to legitimate websites, up-to-date operating systems and well-regarded malware and virus defences.

Ransomware. Image: Christiaan Colen/Flickr/CC BY-SA 2.0

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com