No More Ransom update. Belgian Federal Police releases free decryption keys for the Cryakl ransomware

No More Ransom update. Belgian Federal Police releases free decryption keys for the Cryakl ransomware

Back to CIRCL Newsroom - Press Release

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

Search


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member

The Belgian Federal Police has released free decryption keys for the Cryakl ransomware on Friday February 9, 2018, after working in close cooperation with Kaspersky Lab. The keys were obtained during an ongoing investigation; by sharing the keys with No More Ransom the Belgian Federal Police becomes a new associated partner of the project – the second law enforcement agency after the Dutch National Police.

In the last few years ransomware has eclipsed most other cyber threats, with global campaigns indiscriminately affecting organisations across multiple industries in both the public and private sector, as well as consumers. One of the most effective ways to fight ransomware is to prevent it. This is exactly why No More Ransom was launched more than a year ago.

It is yet another successful example of how cooperation between law enforcement and internet security companies can lead to great results. When the Belgian Federal Computer Crime Unit (FCCU) discovered that Belgian citizens had been victims of the Cryakl ransomware, they were able to locate a command and control centre in one of Belgium’s neighbouring countries. Led by the federal prosecutor’s office, the Belgian authorities seized this and other servers while forensic analysis worked to retrieve the decryption keys. Kaspersky Lab provided technical expertise to the Belgian federal prosecutor and has now added these keys to the No More Ransom portal on behalf of the Belgian federal police. This will allow victims to regain access to their encrypted files without having to pay to the criminals.

The Belgian authorities are currently continuing the investigation. However, with cybersecurity and the best interests of the Cryakl ransomware victims at heart, the seized decryption keys have already been uploaded onto the No More Ransom portal.

52 decryption tools available

Since the launch of the No More Ransom portal in July 2016 almost 1.6 million people from more than 180 countries have accessed the website, available in 29 languages with Estonian as the most recent addition.

There are now 52 free decryption tools on www.nomoreransom.org, which can be used to decrypt 84 ransomware families. CryptXXX, CrySIS and Dharma are the most detected infections. More than 35 000 people have managed to retrieve their files for free, which has prevented criminals from profiting from more than EUR 10 million.

The number of partners working together on No More Ransom has risen to more than 120, including more than 75 internet security companies and other private partners. The Cypriot and Estonian police are the most recent law enforcements agencies to join. KPN, Telenor and The College of Professionals in Information and Computing (CPIC) have joined as new private sector partners.

CIRCL is a member and contributor of the “No More Ransom” initiative.

Find more information and prevention tips on www.nomoreransom.org.