Anti-Malware , Data Loss , Encryption

Ransom Smackdown: Group Promises Decryption Tools Portal Emphasizes Fight Against Ransomware, Says Intel Security's Raj Samani
Ransom Smackdown: Group Promises Decryption Tools
Intel Security's Raj Samani

A new public-private partnership is a statement of intent against ransomware, says Raj Samani, CTO for Europe, the Middle East and Africa at security firm Intel Security.

Together with a portal dubbed "No More Ransom," the organizations behind the endeavor - the High-Tech Crime Unit of the Dutch Police Services Agency, EU law enforcement intelligence agency Europol, as well as security firms Kaspersky Lab and Intel Security - are attempting to give ransomware victims more options, as well as to emphasize that they're doing whatever they can to disrupt ransomware gangs and help more victims get their data back for free (see 'No More Ransom' Portal Offers Respite From Ransomware).

Many ransomware victims today must choose between paying criminals to obtain a decryption key to unlock forcibly encrypted files, or to not fund criminals, at the cost of potentially never regaining access to their data.

With the new NoMoreRansom.org portal, "we're saying, we're now committed toward a longer-term solution: not having to let people decide whether to pay the ransom," Samani says in an interview with Information Security Media Group. "We've now given you a third option," he adds - provided, of course, that a victim can obtain a decryption tool for their particular flavor of ransomware.

The new portal launched this week, together with an announcement that the organizations recently disrupted the malicious infrastructure powering the Shade ransomware. As a result, authorities were able to recover 160,000 decryption keys for PCs that had been encrypted by Shade and have released a related decryption tool via the portal.

So far, the portal will only allow victims to decrypt files that have been infected with a relatively small portion of all of the malware that's at the encryption of relatively few types of ransomware, according to Samani. But for anyone who is able to obtain a decryptor, that's obviously good news.

In this interview (see audio player below photo), Samani also discusses:

  • The capabilities on offer via the NoMoreRansom.org portal;
  • New techniques for disrupting ransomware gangs;
  • The importance of coordinating cybercrime-related law enforcement efforts internationally.

In addition to his role at Intel Security, Samani is a member of the Advisory Group on Internet Security for the Europol Cybercrime Centre, or EC3, as well as the chief innovation officer for Cloud Security Alliance. He previously worked as a security consultant for CapGemini and as an information security manager for consultancy Deloitte.




Around the Network