McAfee, Europol, Kaspersky Lab, and Dutch police have taken down the Shade ransomware botnet and captured encryption keys to unlock victims’ systems.
Although we talk a great deal about the value of public-private partnerships in the fight against cybercrime, few events in the cybersecurity field are more inspiring than seeing such collaboration in action and scoring wins.
Today, McAfee announces a collaborative victory with Europol, Kaspersky Lab, and the Dutch police’s National High Tech Crime Unit (NHTCU). Together these players have successfully taken down the control servers operating the Shade ransomware. Furthermore, McAfee and Kaspersky Lab have leveraged cryptographic keys captured in the takedown to develop decryption tools capable of unlocking systems infected by the ransomware. These tools are available free of charge as a part of the “No-More-Ransom” project, an initiative to share ransomware threat intelligence, coordinate malware campaign takedowns, educate users on how to protect themselves, report ransomware attacks, and provide tools to unlock infected systems.
The Shade ransomware first appeared in late 2014, infecting users across Eastern and Central Europe through malicious websites and infected email attachments. The respective McAfee and Kaspersky Lab tools will provide relief to users infected with Versions 1 or 2 of the Shade malware. The McAfee tool can be downloaded at https://www.mcafee.com/us/downloads/free-tools/shadedecrypt.aspx.
“This initiative shows the value of public-private cooperation in taking serious action in the fight against cybercrime,” said Raj Samani, EMEA CTO for McAfee. “This collaboration goes beyond intelligence sharing, consumer education, and takedowns to help repair the damage inflicted upon victims. By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with ransom payments.”
After slowing slightly in mid-2015, ransomware overall regained its rapid growth rate. According to the June 2016 McAfee Labs Threats Report, total ransomware grew 116% year-over-year for the period ending March 31. Total ransomware rose 26% from Q4 2015 to Q1 2016 as lucrative returns continued to draw relatively low-skilled criminals. An October 2015 Cyber Threat Alliance analysis of the CryptoWall V3 ransomware hinted at the financial scale of such campaigns. The researchers linked just one campaign’s operations to $325 million in victims’ ransom payments.
For more information on the No-More-Ransom initiative, please visit www.nomoreransom.org.
For more information on how users can protect themselves from ransomware in general, please visit Ransomware and You.
More information on ransomware can be found at www.mcafee.com/ransomware.