As we mentioned in Part 1, when it comes to dealing with ransomware, you basically have three choices: pay it, don’t pay it or avoid it in the first place by deploying anti-phishing software.
Naturally, here at Phish Protection we think you should be proactive and use our inexpensive and easy-to-deploy cloud-based phishing protection with Advanced Threat Defense to avoid it in the first place. But, what if it’s too late? What if you’ve already been hit by ransomware?
If you’ve been hit by ransomware AND you’ve decided not to pay it, there’s a resource you should know about. It’s called No More Ransom (NMR) and it “is an initiative by Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police and McAfee to help victims of ransomware retrieve their encrypted data without having to pay to the criminals.”
Europol is “the European Union’s law enforcement agency. Their main goal is to achieve a safer Europe for the benefit of all the EU citizens.” Even though Europol is for the benefit of EU citizens, there’s no reason why people outside the EU cannot take advantage of their initiative.
What NMR does is it figures out how to decrypt a strain of ransomware and when it does, it makes the tool for decrypting it available, for free, on the web. To date, they have “broken the code” on over a dozen ransomware variants. According to an article on SC Magazine, “the site has helped more than 200,000 people recover files after a ransomware attack.” That’s impressive, since the site was launched in July 2016.
So, how does NMR work? According to their site, there are just four steps:
- Upload two encrypted files and the ransomware note to the NMR Crypto Sheriff
- The Crypto Sheriff matches the information against a list of available decryption tools
- If there is a positive hit, the link to the tools is provided. The victim only needs to follow the instructions to unlock their files.
- If no tool is available at the moment, the victim is advised to continue checking in the future, as new tools are added on a regular basis.
It’s not as good as avoiding ransomware in the first place, but it’s better than nothing. If you get stung by ransomware and want to avoid paying the ransom, check out No More Ransom. And then immediately after you get your files back unencrypted, head on over to Phish Protection to make sure it doesn’t happen again.
No More Ransom is available in 35 languages.