Marking five years of its ‘No More Ransom’ project, Europol on Monday launched a revamped website that allows easy access to decryption tools and other help in over 30 languages.
The project brings together the European Commission, tech companies, 46 law enforcement agencies – including Cyprus police — and 120 public and private sector entities.
The initiative supplies ransomware victims with decryption tools to recover their encrypted files, helps them report cases to law enforcement authorities and contributes to raising awareness about ransomware.
Since its launch five years ago, the project has already helped more than six million victims worldwide and prevented criminals from making almost €1b in profits.
Ransomware is a type of malware that locks users’ computers and encrypts their data. The criminals behind the malware demand a ransom from the user in order to regain control over the affected device or files. Ransomware represents a growing threat, affecting all sectors including energy infrastructure or health care.
The website www.nomoreransom.org features a total of 121 free decryptor tools for 151 types of ransomware.
A ransomware attack is typically delivered via an e-mail attachment which could be an executable file, an archive or an image. Once the attachment is opened, the malware is released into the user’s system. Cybercriminals can also plant the malware on websites. When a user visits the site unknowingly, the malware is released into the system.
The infection is not immediately apparent to the user. The malware operates silently in the background until the system or data-locking mechanism is deployed. Then a dialogue box appears that tells the user the data has been locked and demands a ransom to unlock it again. By then it is too late to save the data through any security measures.
Advice to better protect your digital life includes regularly back up data stored on your computer, so a ransomware infection wouldn’t destroy your personal data forever. Don’t click on links in spam, unexpected or suspicious emails.
Users should avoid sharing personal data, consider using multi-factor authentication on important online accounts, be wary while browsing the internet and not click on suspicious links, pop-ups, or dialogue boxes.
They should browse and download only official versions of software and always from trusted websites, use robust security products to protect their system from all threats, never connect unfamiliar USB sticks to their systems and use a Virtual Private Network (VPN) when using public Wi-Fi.
They should ensure their security software and operating system are up to date, not use high privilege accounts (accounts with administrator rights) for daily business, enable the ‘Show file extensions’ option in the Windows settings and turn on local firewall.
If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) — this will prevent the infection from spreading.
Don’t pay the ransom. You will be financing criminals and encouraging them to continue their illegal activities. There is no guarantee that you will get access to your data or device, and you are more likely to be targeted again in the future.
Take a photograph or a screenshot of the ransom note presented on your screen.
If available, use antivirus or anti-malware software to clean the ransomware from your device. You may have to reboot your system into Safe Mode.
Removing the ransomware will not decrypt your files, but it will let you carry out the following steps without new files becoming encrypted.
If you had a backup, restore the information, and read our advice to prevent you from becoming a victim again.
If you do not have a backup, visit www.nomoreransom.org to check whether your device has been infected with one of the ransomware variants for which there are decryption tools available free of charge. The information regarding the ransomware note will be useful in this process.
Report it to your national police. The more information you provide, the more effectively law enforcement can disrupt the criminal enterprise.