McAfee Teams With Industry, Law Enforcement to Thwart ‘Shade’ Ransomware

By and on Jul 25, 2016

McAfee, Europol, Kaspersky Lab, and Dutch police have taken down the Shade ransomware botnet and captured encryption keys to unlock victims’ systems.

Although we talk a great deal of the value of public-private partnerships in the fight against cybercrime, few events in the cybersecurity field are more inspiring than seeing such collaboration in action and scoring wins.

Today, McAfee announces a collaborative victory with Europol, Kaspersky Lab, and the Dutch police’s National High Tech Crime Unit (NHTCU). Together these players have successfully taken down the control servers operating the Shade ransomware. Furthermore, McAfee and Kaspersky Lab have leveraged cryptographic keys captured in the takedown to develop decryption tools capable of unlocking systems infected by the ransomware. These tools are available free of charge as a part of the “No-More-Ransom” project, an initiative to share ransomware threat intelligence, coordinate malware campaign takedowns, educate users on how to protect themselves, report ransomware attacks, and provide tools to unlock infected systems.

The Shade ransomware first appeared in late 2014, infecting users across Eastern and Central Europe through malicious websites and infected email attachments. The respective McAfee and Kaspersky Lab tools will provide relief to users infected with Versions 1 or 2 of the Shade malware. The McAfee tool can be downloaded at https://www.mcafee.com/us/downloads/free-tools/shadedecrypt.aspx.

“This initiative shows the value of public-private cooperation in taking serious action in the fight against cybercrime,” said Raj Samani, EMEA CTO for McAfee. “This collaboration goes beyond intelligence sharing, consumer education, and takedowns to help repair the damage inflicted upon victims. By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with ransom payments.”

After slowing slightly in mid-2015, ransomware overall regained its rapid growth rate. According to the June 2016 McAfee Labs Threats Report, total ransomware grew 116% year-over-year for the period ending March 31. Total ransomware rose 26% from Q4 2015 to Q1 2016 as lucrative returns continued to draw relatively low-skilled criminals. An October 2015 Cyber Threat Alliance analysis of the CryptoWall V3 ransomware hinted at the financial scale of such campaigns. The researchers linked just one campaign’s operations to $325 million in victims ransom payments.

 

For more information on the No-More-Ransom initiative, please visit www.nomoreransom.org.

For more information on how users can protect themselves from ransomware in general, please visit Ransomware and You.

More information on ransomware can be found at www.mcafee.com/ransomware.

About the Author

Raj Samani

Raj Samani is Chief Scientist and McAfee Fellow for cybersecurity firm McAfee. He has assisted multiple law enforcement agencies in cybercrime cases, and is a special advisor to the European Cybercrime Centre in The Hague. Samani has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe hall ...

Read more posts from Raj Samani

Christiaan Beek

Christiaan Beek, lead scientist & sr. principal engineer is part of Mcafee’s Office of the CTO leading strategic threat intelligence research within Mcafee. He coordinates and leads passionately the research in advanced attacks, plays a key-role in cyberattack take-down operations and participates in the NoMoreRansom project. In previous roles, Beek was Director of Threat Intelligence ...

Read more posts from Christiaan Beek

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs