No More Ransom initiative releases tool to decrypt Wildfire variant of ransomware
In a win for the good guys, a group backed by police and security companies has developed a free decryption tool for victims of the Wildfire variant of ransomware.
The tool comes from the No More Ransom initiative, a collaborative project between Europol, the Dutch National Police, Intel Security, and Kaspersky Lab that provides keys for unlocking files encrypted by various strains of ransomware.
According to Intel Security, most victims of Wildfire are in the Netherlands and Belgium, and are infected through emails purporting to be from transport companies, claiming that the recipient has missed a delivery and needs to fill in a “special form” attached to the email.
That form, unsurprisingly, infects the computer it is opened on with the ransomware, which encrypts files on the victim’s hard drive and demands a ransom of 1.5 bitcoin ($863) for a key to decrypt the files. In what has to be the politest ransom demand ever, the pop-up not only provides instructions on how to obtain a bitcoin wallet and purchase bitcoin, it also offers the ability to contact those demanding the ransom if the victim has any questions.
Interestingly, that high level of customer service, if you can call it that, has meant that victims were also able to negotiate a lower ransom payment, with most ending up paying only between 0.5 bitcoin ($287) and 0.6 bitcoin ($345).
The sum total collected by the group behind the malware is believed to be $79,481, from the infection of 5,309 computers.
Winning
The No More Ransom initiative was launched in June as an online resource for victims of ransomware, where users can find information on what ransomware is, how it works and how to rid themselves of it. It has so far provided decryption tools for strains of ransomware including Shade, Coinvault, Rannoh, Rakhn and now Wildfire.
In its short history, the No More Ransom program can certainly be described as slowly winning in a battle against the ever-evolving threat of malware. With the initiative ongoing, expect more decryption tools to come.
“Today … the victims of Wildfire no longer have to face the difficult choice of either paying criminals or sacrificing their data,” researchers Christiaan Beek and Raj Samani write. “The availability of this decryption tool allows victims to reclaim their data without having to pay anyone. The initial tool includes 1,600 keys for Wildfire and more will be added in the near future. This is another result of the NoMoreRansom public-private partnership.”
A free copy of the Wildfire decryption tool, as well as decryption tools for other forms of malware, is available on the No More Ransom website.