Europol and security giants to combat rise in ransomware

25 Jul 2016

According to Europol, ransomware has increased five times in the last year because businesses will readily hand over cash to criminals to get their data back

European police agency Europol has joined forces with cybersecurity companies Intel Security and Kaspersky Lab to tackle the exponential rise in ransomware.

Europol has created the No More Ransom site, which connects victims to police and gives advice as well as helping with data recovery.

The website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cybersecurity companies (Kaspersky Lab and Intel Security), with the goal of helping victims of ransomware retrieve their encrypted data without having to pay the criminals.


Ransomware on the rise

It is believed that the scourge of ransomware – malware that takes hold of computers and demands a fee – has increased in the last year.

The number of victims is growing at an alarming rate. According to Kaspersky Lab, the number of users attacked by crypto-ransomware rose by 5.5 times, from 131,000 in 2014-2015 to 718,000 in 2015-2016.

“For a few years now ransomware has become a dominant concern for EU law enforcement,” Wil van Gemert, Europol deputy director of operations, said. “It is a problem affecting citizens and business alike, computers and mobile devices, with criminals developing more sophisticated techniques to cause the highest impact on the victim’s data.”

Last year, Cisco, with the help of Level 3 Threat Research and Limestone Networks, identified the largest Angler exploit kit operation in the US, which targeted 90,000 victims every day and generated tens of millions of dollars a year by demanding ransoms from victims. Cisco estimates that, currently, 9,515 users in the US are paying ransoms every month, amounting to an annual revenue of $34m for certain cybercrime gangs.

Another example of ransomware provided by Kaspersky is Shade, a ransomware-type Trojan that emerged in late 2014. The malware is spread via malicious websites and infected email attachments.

After getting into the user’s system, Shade encrypts files stored on the machine and creates a .txt file containing the ransom note and instructions from cybercriminals on what to do to retrieve them. Shade uses a strong encryption algorithm for each encrypted file, with two random 256-bit AES keys generated: one is used to encrypt the file’s contents, while the other is used to encrypt the file name.

“The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back,” explained Jornt van der Wiel, security researcher on the global research and analysis team at Kaspersky Lab.

“That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result. We can only change the situation if we co-ordinate our efforts to fight against ransomware.

“The appearance of decryption tools is just the first step on this road. We expect this project to be extended, and soon there will be many more companies and law enforcement agencies from other countries and regions fighting ransomware together,” van der Wiel said.


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
