No More Ransom decryption tools have been downloaded ten million times in six years

The No More Ransom anti-ransomware project of police forces and security companies is six years old. Since its inception, the tools have been downloaded ten million times, an increase of four million times in the past year. There are now 136 tools available on the site.

No More Ransom was founded on July 26, 2016 by the Dutch High Tech Crime Team of the police, Europol and security companies Kaspersky and McAfee. The goal of the project is to provide free decryptors for victims of ransomware. They are built by the security companies. Some decryptors exploit technical vulnerabilities in ransomware to decrypt files, but police also provide seized keys after arrests. Since the inception of the project, there have been according to the promoters 136 tools released for 165 different types of ransomware. These include notorious names, such as Gandcrab and REvil. Old decryptors are not guaranteed to work on that ransomware: the gangs often changed their malware to evade decryptors and detection.

The makers say that 188 partners have now joined the project. In recent years, more and more national and local police and investigative services and security companies have joined the project. The makers say nothing about the distribution of the number of decryption tools, but a year ago Emsisoft was a major supplier by releasing 59 tools for as many ransomware families. Those numbers are skewed: other companies such as Kaspersky made tools that worked for multiple ransomware variants.

According to the makers, the tools have been downloaded more than ten million times. That would be a huge step from last year. Back then, the tools had only been downloaded six million times. One and a half million users would have recovered files by using the tools, although those numbers are difficult to substantiate. Not all tools collect telemetry and No More Ransom uses estimates to calculate the total number of users.

The increase in the number of downloads is striking, because the question is how relevant the No More Ransom project still is. At its inception, ransomware was still a major problem for individual victims whose home PCs were infected. Such ransomware was widely distributed and loose decryptors worked well for it. Ransomware has now evolved into a professional crime and companies are mainly affected. Criminals accurately infect such a company and know to be in a network in such a way that a general decryptor such as No More Ransom that offers it is of little use.

The No More Ransom project served as a blueprint for more public-private partnerships against cybercrime. In recent years, for example, a No More Ddos project was also set up and the police started collaborating with specialized security companies in a different way to tackle cybercrime.