‘Wildfire’ Ransomware Defeated by International Security Team

Brian Yim | Aug 25, 2016 | 18:00

Wildfire, a type of ransomware targeted at Dutch speakers, has been successfully defeated by the No More Ransom initiative, a project coordinated by the Netherlands Police, Europol, Intel and Kaspersky. This multinational collaboration aims to help victims of ransomware retrieve their encrypted files for free through the use of multiple decryption tools.

‘Wildfire’ Ransomware

Wildfire is a piece of ransomware, a type of malware that takes users’ files hostage and prevents them from being accessed. To recover their files, victims must pay the attackers, usually via bitcoin or gift cards. This type of malware has been a major headache for many organizations and companies, since all it takes for important, possibly confidential documents to be lost is a couple of clicks from an unsuspecting employee.

Wildfire is distinctive because it arrives via spam emails written in Dutch, mostly targeting people living in the Netherlands and Belgium. The spam email poses as a message from a Dutch transport company, stating that the victim has missed a delivery.

Researchers state that the hackers behind Wildfire “clearly put a lot of effort into making their spam emails look credible and very specific,” with the email containing real addresses and contact information to make the message more believable in an effort to get potential victims to download the malware contained in the email attachment.

Wildfire Spam Email Screenshot

No More Ransom Project

The No More Ransom Project is a collaborative effort between the National High Tech Crime Unit of the Netherlands’ Police, Europol’s European Cybercrime Centre, Kaspersky Lab and Intel Security. Their primary objective is to prevent ransomware from infecting victims and, if an infection does occur, to provide a free method for recovering users’ files. Their team has provided decryption tools for seven strains to date: Chimera, Teslacrypt, Shade, CoinVault, Rannoh, Rakhni and now WildFire. Alongside decryption software, a file analyzer is also available to help users determine exactly which malware is infecting their system.

Source: ZDNet

Images courtesy of NICVA, ZDNet.
