No More Ransom disrupts WildFire ransomware

The No More Ransom anti-ransomware initiative is starting to bear fruit, resulting in the recent shutdown of a major ransomware command-and-control server.

The project — a collaboration between Dutch police, Europol, Intel Security and Kaspersky Lab to combat ransomware — was launched last month.

Kaspersky Lab announced that it has helped police and the Netherlands’ National Prosecutors Office locate and take down the WildFire command and control server.

As part of the seizure, more than 1600 keys for mainly Dutch infections were confiscated. Kaspersky Lab and Intel Security have developed special decryption tools to help victims unlock encrypted files without paying the ransom, and are making the tool available for free on NoMoreRansom.org.

Victims’ infected computers will no longer be able to connect to the criminals’ servers, and instead victims will be alerted that they can visit the site to download the decryption tool without having to pay the ransom.

Currently, NoMoreRansom.org also hosts five more ransomware decryption tools, the latest of which was developed in July.

“It is of great importance that more partners from as many different disciplines as possible will join forces with us, to discourage this type of ransomware with even more vigour,” stressed Jornt van der Wiel, a security researcher at Kaspersky Lab’s global research and analysis team.

“We are making good progress, but this is only the beginning, and with close cooperation we can achieve so much more.”

Image courtesy of Christiaan Colen under CC