Free decryption tools provided by Europol has saved organisations his by ransomware from paying out more than $100 million to cyber criminals.
The No More Ransom campaign was launched by the European Union Agency for Law Enforcement Cooperation, known more commonly as Europol, in 2016 in association with a number of cyber security firms.
More than 200,000 victims have downloaded the agency's free anti-ransomware tools to date, meaning criminals have lost out on $108 million (approximately 87.6 million) in profit, according to figures released by Europol on the initiative's third anniversary.
The GandCrab ransomware alone, considered among the most successful and aggressive strains, has led to 40,000 decryptions using No More Ransom's tools, which prevented criminals from scoring $50 million.
Since its inception in July 2016, the multinational co-operation has released 82 tools free of charge to businesses, with those tools targeting 109 ransomware families. This is in addition to three million website visits to date.
Furthermore, there are now 151 partners who feed into the project, comprising 42 law enforcement agencies, five EU agencies and 101 public and private organisations. These include cyber security firms like McAfee, Avast and Bitdefender.
South Korea alone is responsible for 21.5% of all traffic to the project, followed by the US and the Netherlands, with 9.5% and 7.5% of traffic respectively.
"When we take a close look at ransomware, we see how easy a device can be infected in a matter of seconds," said the head of Europol's European Cybercrime Centre Steven Wilson. "A wrong click and databases, pictures and a life of memories can disappear forever.
"No More Ransom brings hope to the victims, a real window of opportunity, but also delivers a clear message to the criminals: the international community stands together with a common goal, operational successes are and will continue to bring the offenders to justice."
In the time that No More Ransom has been running, the scale of the threat facing businesses has exploded. Despite a fall between 2017 and 2018, UK organisations experienced a 195% rise in attacks in the first half of 2019.
This has been explained by a preference among cyber criminals for ransomware as a service (RaaS) tools, as well as open-source malware kits coming down in cost, according to a report by SonicWall.
Last week also saw ransomware attacks take down critical public infrastructure in sites across the world. These included the energy supply in the city of Johanessburg, South Africa, and the IT systems of three school districts in the US state of Louisiana.
The scale of success for Europol's No More Ransom campaign is illustrated by the fact it saved organisations 6.5 million only two years ago, versus almost 100 million now.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackers
News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field dayNews February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
-
Warning issued over prolific 'Ghost' ransomware groupNews The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
-
The Zservers takedown is another big win for law enforcementNews LockBit has been dealt another blow by law enforcement after Dutch police took 127 of its servers offline
-
There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victimsNews Security experts have warned the BlackLock group could become the most active ransomware operator in 2025
