Ransomware has become a serious global problem in recent years, disrupting business, destroying large volumes of important data and inflicting heavy financial costs. Home users and businesses alike have been forced to re-calibrate defenses, plan for the worst, and scramble for recovery mechanisms when disaster strikes.
Fortunately, they are not alone – for the past six years, the NoMoreRansom initiative has helped victims get back in business through the efforts of 188 partners who pledged to curb the proliferation of ransomware. As we celebrate the sixth anniversary of an extremely important partnership between 49 police forces and 139 private entities, we’re proud to showcase our achievements.
As a prominent contributor to this initiative, Bitdefender has submitted 13 decryption tools for 11 ransomware families. Downloaded roughly a million times, our free decryptors have helped private citizens and companies escape an estimated US $1 billion in ransom demands.
Since 2016, Bitdefender, in cooperation with national and international law enforcement agencies, has released high-profile decryption utilities for the world’s most pervasive ransomware operations.
The Bitdefender Draco and Labs Teams provided cybersecurity consulting and guidance, especially in areas of cryptography, forensics and investigations, that helped the law enforcement consortium in this operation minimize the impact of successful ransomware attacks, and eventually led to arrests. This collaboration with law enforcement is a prime example of the public and private sector working together to significantly disrupt cybercriminal activities.
GandCrab (early 2018, mid-2019)
For about 18 months, GandCrab was the undisputed leader in ransomware-as-a-service. Targeting home users and companies alike, it became so popular that it was responsible for half of the world’s ransomware infections. In collaboration with Europol, the Romanian Police, DIICOT and other law enforcement organizations, Bitdefender has released five decryption tools, dealing a serious blow to the most popular versions of the ransomware. Our joint efforts helped 1.5 million victims save over $50 million and eventually led to the demise of the cybercrime ring.
REvil/Sodinokibi (mid-2019, late 2021)
In collaboration with a trusted law enforcement partner, Bitdefender released a free universal decryptor for REvil attacks targeting companies worldwide. Since mid-September 2021, the Sodinokibi / REvil decryptor has helped over 1,500 companies in 83 countries recover files and save over $600 million in unpaid ransom. The average ransom demand is about $393,000, much higher than GandCrab’s average ransom of between $800 and $2,400.
Ransomware best practices
- Ransomware attacks usually start with email phishing and social engineering. Educate and continuously train employees on the dangers of clicking links and opening attachments from unknown sources.
- Install security software and keep the operating system and third-party software updated.
- Minimize your attack surface and ensure legacy services or other unneeded services (such as RDP) are not exposed to the Internet.
- Back up data to offline storage media. If possible, follow the 3-2-1 backup rule:
  - 3: Create one primary backup and two copies of your data.
  - 2: Save your backups to two different types of media.
  - 1: Keep at least one backup file offsite.
- #dontpay: if you have fallen victim to a ransomware attack, do not pay the ransom. Contact the experts and ask for help.
If you represent a law enforcement agency needing technical expertise in ransomware cases, please contact us at [email protected]. If you or your company have been affected by a ransomware attack, reach out to us at [email protected].