Ride the Lightning

Excellent! No More Ransom Saves Users at Least $108 Million

July 29, 2019

ZDNet reported on July 26 that, on the three-year anniversary of the No More Ransom project, Europol announced that users who downloaded and decrypted files using free tools made available through the No More Ransom portal have prevented ransomware gangs from making profits estimated at least $108 million.

Just the free decryption tools for the GandCrab ransomware alone offered on the No More Ransom website have prevented ransom payments of nearly $50 million alone, Europol said.

The project, which launched in July 2016, now hosts 82 tools that can be used to decrypt 109 different types of ransomware. Most of these have been created and shared by antivirus makers like Emsisoft, Avast, and Bitdefender, and others; national police agencies; CERTs or online communities like Bleeping Computer.

By far the most proficient member has been antivirus maker Emsisoft, which released 32 decryption tools for 32 different ransomware strains.

Europol said that more than three million users visited the site and more than 200,000 users downloaded tools from the No More Ransom portal since its launch. Site visitors came from 188 countries all over the world, showing that despite the project starting in Europe, its reach is now global.

No More Ransom started out with three founding partners — Dutch Police, Kaspersky, and McAfee — but now has more than 150 partners across the world. The only oddity in No More Ransom's make-up is the lack of any US-based law enforcement agency. Other than that, everyone else is represented.

An Emsisoft spokesperson told ZDNet that the $108 million estimate that Europol shared today is "actually a huge underestimate."

"They're based on the number of successful decryptions confirmed by telemetry – in other words, when the tools phone home to confirm they've done their job," Emsisoft told ZDNet. He went on to say "None of our tools phone home. They've been downloaded more 1.6 million times, so it'd be more accurate to say they've helped folk avoid north of $800 million in ransom demands."

In addition, decryption tools provided by Bleeping Computer also don't phone home, which means victims saved even more money, and crooks lost more. Which is good news for all of us. We help our clients avoid the impact of ransomware through carefully engineered backups, but if you're not lucky enough to have that protection, make sure you keep the URL for the No More Ransom project in your toolkit!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson