European police agency Europol is teaming up with cybersecurity companies in an initiative aimed at slowing an “exponential” rise in ransomware.
The scheme revolves around a website that connects victims and police, gives advice and helps with data recovery.
The number of ransomware victims tripled in the first three months of 2016, according to one estimate.
Ransomware is malware that typically demands a fee to unscramble important data on a compromised device.
The No More Ransom site will be updated as ransomware gangs are tackled, one of the project’s partners said.
Co-ordinated by Europol, the initiative also involves the Dutch national police, Intel Security and Kaspersky Labs.
“For a few years now ransomware has become a dominant concern for EU law enforcement,” said Wil van Gemert, Europol’s deputy director of operations.
“We expect to help many people to recover control over their files, while raising awareness and educating the population on how to maintain their devices clean from malware.”
More victims
No More Ransom brings together information about what ransomware is, how to avoid falling victim and what to do if a person or company is caught out.
“Right now the only option victims have is to pay the ransom or not,” said Raj Samani, European head of Intel Security. “This gives people another option.”
Often, people struggle to find out what they can do when they are hit.
With this website, victims will be able to upload scrambled files to identify which strain of ransomware has locked up their data, he said.
“We’ve seen a threefold increase in infected victims from January to March this year,” he added. “And we’re seeing a rise in new families of ransomware coming up all the time.”
In June, one site that tracks ransomware logged more than 120 separate families of the malicious code being used in different campaigns.
“It’s becoming a hugely profitable economy for the criminals,” said Mr Samani. “They know there’s real money to be made here.
“What’s particularly telling is that historically ransomware victims have been consumers and small businesses,” he said. “But we are now seeing bigger institutions, hospitals and universities, getting hit.”
The site will be kept up to date with information gleaned from international action against gangs that run ransomware campaigns, Mr Samani said.
Other police forces, security companies and researchers will be encouraged to contribute to the site and add advice or tools to help victims.
At present, the site links to decryption software for four well-known families of ransomware – Coinvault, Shade, Rannoh and Rakhni.