No More Ransom Decryption Tools Have Been Downloaded Ten Million Times in Six Years

The No More Ransom anti-ransomware project by police and security companies is six years old. Since its inception, the tools have been downloaded ten million times, an increase of four million from a year. There are now 136 tools available on the site.

No More Ransom was founded on July 26, 2016 by the High Tech Crime Team of the police, Europol and security companies Kaspersky and McAfee. The aim of the project is to make free decryptors available to victims of ransomware. They are built by the security companies. Some decryptors take advantage of technical vulnerabilities in ransomware to decrypt files, but police also deliver confiscated keys after arrests. Since the inception of the project, 136 tools have been released for 165 different types of ransomware, according to the initiators. This includes notorious names such as Gandcrab and REvil. Old decryptors are not guaranteed to work on that ransomware: the gangs often changed their malware to evade decryptors and detection.

The makers say that 188 partners have now joined the project. In recent years, more and more national and local police and investigation services and security companies have joined the project. The makers say nothing about the distribution of the number of decryption tools, but a year ago Emsisoft was a major supplier by releasing 59 tools for as many ransomware families. Those numbers are skewed: other companies like Kaspersky made tools that worked for multiple ransomware variants.


According to the makers, the tools have been downloaded more than ten million times. That would be a huge step from last year. Back then, the tools had only been downloaded six million times. One and a half million users are said to have recovered files by using the tools, although those numbers are hard to prove. Not all tools collect telemetry and No More Ransom uses estimates to calculate the total number of users.

The increase in the number of downloads is striking, because it is questionable how relevant the No More Ransom project is. At its inception, ransomware was still a major problem for individual victims whose home PCs were infected. Such ransomware was widely distributed and individual decryptors worked well for that. Ransomware has now evolved into a professional crime and mainly affects businesses. Criminals accurately infect such a company and know that they are in a network in such a way that a general decryptor such as No More Ransom offers it is of little use.

The No More Ransom project served as a blueprint for more public-private partnerships against cybercrime. In recent years, for example, a No More Ddos project has also been set up and the police have started working with specialized security companies in a different way to tackle cybercrime.