• 發布單位:TWCERT/CC
• 更新日期:2019-03-22
• 點閱次數:1065

1. 英特爾、卡巴斯基、歐洲刑警組織與荷蘭警方近期合作開發反勒贖軟體入口網站，稱為‘No More Ransom’。
2. 該網站免費提供民眾部分勒贖軟體解密工具，以及勒贖軟體相關知識與防護方式等資訊。
3. 目前所提供之工具包括 CryptXXX、CoinVault 以及 Bitcryptor 等解密工具。
4. 其中該網站建議不要交付贖金，這只讓駭客確認他的勒贖軟體在受害者端可正常運作，卻不能保證受害者被加密檔案能夠

A joint operation conducted by the Europol with police and cyber security firms worldwide aims to tackle the Ransomware threat. It has been estimated that the ransomware victims tripled in the first quarter of this year alone.

The joint effort was announced by the Europol, the initiative was called ‘NO More Ransom,’ Kaspersky and Intel are the IT giants that participate in the initiative alongside with the Netherlands police.

The “exponential” rise in Ransomware threat represents a serious problem for users online and it is a profitable business for cyber criminals. The operation NO More Ransom is the response of the Europol of the growing threat.

“Today, the Dutch National Police, Europol, Intel Security andKaspersky Lab join forces to launch an initiative called No More Ransom, a new step in the cooperation between law enforcement and the private sector to fight ransomware together.” states the official announcement published by the European law enforcement Agency. ” No More Ransom (www.nomoreransom.org) is a new online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cybercriminals.”

ransomware no more ransom initiative

The No More Initiative aims to spread more information about the ransomware threat and the risk of exposure, providing suggestions to avoid falling victim to this family of malware. The online portal includes a session that provides instruction to prevent a ransomware attack and give the users also to report a crime to the European Law Enforcement Agencies.

“For a few years now ransomware has become a dominant concern for EU law enforcement. It is a problem affecting citizens and business alike, computers and mobile devices, with criminals developing more sophisticated techniques to cause the highest impact on the victim’s data.” declared the Europol’s deputy director Wil van Gemert. “Initiatives like the No More Ransom project shows that linking expertise and joining forces is the way to go in the successful fight against cybercrime. We expect to help many people to recover control over their files, while raising awareness and educating the population on how to maintain their devices clean from malware.”

Online users may access the No More Ransom portal to download freely available tools that may allow them to decrypt files locked by the ransomware. At the time I was writing the NoMoreRansom website includes the decryption tools for 4 popular threats, including CryptXXX, CoinVault and Bitcryptor .

The “Crytpo Sherrif” section was implemented to allow visitors to upload ransomware samples and a description to identify the type of ransomware.

Below the list of suggestions published on the No More Ransom portal:

Back-up! Back-up! Back-up!
Use robust antivirus software to protect your system from ransomware.
Keep all the software on your computer up to date.
Trust no one. Literally.
Enable the ‘Show file extensions’ option in the Windows settings on your computer.
If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections.
Of course, don’t pay the ransom!

參考連結：

http://securityaffairs.co/wordpress/49723/laws-and-regulations/ransomware-europol-initiative.html<
https://www.hackread.com/no-more-ransom-anti-ransomware-portal/<
http://thehackernews.com/2016/07/ransomware-decrypt-tool.html<