‘Wildfire’ Ransomware Defeated by International Security Team
Wildfire, a type of ransomware targeted at Dutch speakers, has been successfully defeated by the No More Ransom initiative, a project coordinated by the Netherlands Police, Europol, Intel and Kaspersky. This multinational collaboration aims to help victims of ransomware retrieve their encrypted files for free through the use of multiple decryption tools.
Wildfire is a piece of ransomware, a type of malware that takes users’ files hostage and prevents them from being accessed. To save their files, victims must pay attackers, usually via bitcoin or gift cards. This type of malware has been a major headache for many organizations and companies, since all it takes for important, possibly confidential documents to be lost is a couple of clicks from an unsuspecting employee.
Wildfire stands out because it spreads through spam emails written in Dutch, mostly targeting people living in the Netherlands and Belgium. The spam email poses as a message from a Dutch transport company, stating that the victim has missed a delivery.
Researchers state that the hackers behind Wildfire “clearly put a lot of effort into making their spam emails look credible and very specific.” The emails contain real addresses and contact information to make the message more believable and to get potential victims to download the malware contained in the email attachment.
No More Ransom Project
The No More Ransom Project is a collaborative effort between the National High Tech Crime Unit of the Netherlands’ Police, Europol’s European Cybercrime Centre, Kaspersky Lab and Intel Security. Its primary objective is to prevent ransomware from infecting victims and, when an infection does happen, to provide a free method for recovering users’ files. The team has provided decryption tools for seven strains to date: Chimera, Teslacrypt, Shade, CoinVault, Rannoh, Rakhni and now Wildfire. Alongside the decryption software, a file analyzer is available to help users determine exactly which malware is infecting their system.
Images courtesy of NICVA, ZDNet.