Victims of Cryakl ransomware are now able to get their files back without paying a ransom to cybercriminals, after the decryption key was released for free as part of the No More Ransom initiative.
Launched by Europol in 2016, the scheme brings law enforcement and private industry together in the fight against cybercrime and has helped thousands of ransomware victims retrieve their encrypted files without lining the pockets of crooks.
Cryakl has been active since September 2015 and, like other forms of ransomware, it searches an infected system for files, encrypts them, then demands payment for providing the key needed to retrieve the files. It also threatens to delete the encrypted files if payment isn’t received within a week.
Unlike more recent forms of ransomware which ask for payments to be made into a cryptocurrency wallet, victims of Cryakl are asked to contact the attackers by email.
The ransomware is most prolific in Russia, but Cryakl has claimed victims across Europe. Kaspersky Lab told ZDNet there have been over 2,000 infections in Italy, over 2,000 in Germany, over 1,000 in Spain and hundreds across the UK, Belgium, France, Poland, and Austria.
Decryption tools for Cryakl ransomware have been added to the No More Ransom portal following work by the Belgian National Police and Kaspersky Lab as part of an ongoing investigation.
Belgian authorities were able to seize this as well as other servers involved with the distribution of ransomware, then obtain the decryption keys with the aid of forensic analysts and input from Kaspersky Lab.
The investigation is still ongoing, but now victims of Cryakl can regain access to their encrypted files without having to pay criminals.
“Cybersecurity experts work worldwide to help the victims, creating new, previously non-existent tools for decryption,” said Jornt van der Wiel, security researcher in the global research and analysis team at Kaspersky Lab.
“Free decryption keys for Cryakl ransomware can be considered as proof of this policy, and yet another reminder that there is always a chance of winning in the fight with criminals.”
The addition of keys for Cryakl brings the total number of ransomware decryption tools available on the No More Ransom portal to 52. They can be used to decrypt 84 forms of ransomware including MarsJoke, TeslaCrypt, LambdaLocker, Wildfire, and CryptXXX.
According to Europol, over 35,000 people have used No More Ransom to decrypt their files for free, preventing cyber criminals from obtaining ransoms worth over €10m.
No More Ransom was initially launched by Europol, the Dutch National Police, McAfee, and Kaspersky Lab; the number of partners working on it has now risen to over 120, including 75 cybersecurity companies.
The Belgian National Police’s role in helping to decrypt Cryakl has seen it promoted to become an associate partner in the scheme — the second law enforcement body to do so after founding member the Dutch National Police.
Europol has also announced new partners for No More Ransom: the Cypriot and Estonian police are the most recent law enforcement agencies to join, while KPN, Telenor, and the College of Professionals in Information and Computing (CPIC) have joined as new private sector partners.
“We are of course happy that the platform keeps growing and that new partners keep joining. We have always been convinced that public private partnership is crucial in the fight against ransomware, and cybercrime in general,” a Europol spokesperson told ZDNet.
Since the launch of No More Ransom, the portal has received over 1.6 million visitors from a total of 180 countries. The website is available in 29 languages, with Estonian the most recent addition.