Ransomware: The Silver Lining

Ransomware continues to be a significant threat to organizations worldwide. News coverage has brought it to the forefront of cybersecurity strategies and, even more impressively, into boardroom discussions. While some companies have been reluctant to invest in cybersecurity because of the lack of ROI, ransomware has undoubtedly reinforced the fact that cybersecurity is necessary.

Interestingly, we are seeing a shift in the cybersecurity industry that’s being driven by the onslaught of ransomware. Experts and vendors are releasing and sharing decryption tools to combat ransomware. The National High Tech Crime Unit of the Netherlands’ Police, Europol’s European Cybercrime Centre, Kaspersky Lab, and McAfee teamed up to launch the No More Ransom Project in July 2016, which provides decryption tools to help ransomware victims recover their files without being forced to acquiesce to payment demands. More companies, organizations, and law enforcement agencies have since joined in, offering their time and resources. In a strange twist, it has brought the cybersecurity industry together, in much the same way that a natural disaster brings communities together.

Therein lies the silver lining.

This isn’t the first time that the cybersecurity community has pooled its resources. Remember 2014 and the vulnerabilities that shook us up (a little)? Heartbleed and Shellshock, to name a few, were immediately addressed by the entire cybersecurity community. Perhaps it was the magnitude of these vulnerabilities that pushed us together, but clearly, that’s something that we, as a community, need to consider – working together to create and maintain a safer cyber landscape.

This is much easier said than done, however.

One of the main reasons is the fact that cybersecurity is a business and each business works towards differentiating itself in some way to maintain its competitive advantage. Rather than protection being the competitive differentiator, perhaps we need to consider a shift towards unified protection with a focus on services as the competitive edge.

The No More Ransom Project is a step in the right direction.

It’s a firm, united stand against ransomware that makes decryption tools easily available regardless of your security provider. It provides hope when victims are left in hopeless situations. It leverages the collective expertise of IT security professionals to create protection that undoes ransomware’s actions. (At the time of writing this entry, the No More Ransom Project has decryption tools for over 80 pieces of ransomware.) While information sharing is a sensitive topic because cybersecurity is in itself a sensitive matter, the positive reception around the No More Ransom Project leaves me wondering if we can do something similar beyond just ransomware.

After all, if cybercriminals work together, why can’t we, the cybersecurity community, do the same?