Ransomware: the hackers' favorite weapon?

Ransomware is back! At least that's what McAfee's latest report on ransomware suggests. Indeed, ransomware attacks increased by 118% in the first quarter of 2019. By August 2019, there were no fewer than 504 new threats of this type emerging every minute. In addition, the average ransom payment was $224,871 in the first quarter of 2019, compared to $116,324 for the full year 2018.
However, ransomware is not new. As early as 1989, the AIDS Trojan, also called PC Cyborg, attacked computers by encrypting their data and demanded $189 to unlock the files.

According to experts, this type of virus still has a bright future ahead of it. This is why it is important to know how to recognize it and, above all, to protect yourself effectively.

Recognize ransomware

Ransomware is malicious computer software. It hijacks one or more computers by encrypting and blocking the files and data stored there. The attacker claims that the user must pay a ransom to regain control of the data.

Most of the time, the virus comes from a file downloaded or received by email. One of the most famous ransomware strains is called WannaCry. In 2017, this virus exploited a loophole in the "supply chain" of an international accounting software package. The result: hundreds of thousands of computers spied on around the world. While ransomware can be very profitable for the attacker, it can have many other consequences for the victims. Indeed, some attacks also aim to seriously damage systems and to cause heavy operating losses or reputational damage.

There are three main types of ransomware: those that block programs, those that encrypt files, and those that operate through websites by locking content.

« Blocking ransomware » uses, among other things, pop-ups. These open on top of other programs and prevent the user from continuing freely. These viruses are often accompanied by a message accusing you of having committed some offense (and above all an imaginary one!).

« Encrypting ransomware » acts more discreetly and displays a clear message: the decryption key in exchange for a ransom within a set time, otherwise the key will be destroyed... and your data too!

The third type of ransomware takes the form of mandatory subscriptions on sites. In the end, it is this kind of virus that we encounter most regularly. On the sites in question, you are forced to subscribe to paid services to download files.

But what should you do to get rid of ransomware? Do you have to pay?

How to protect yourself from ransomware?

We do not advise you to pay the requested ransom. Although it may be tempting, it is a bad idea. There is no guarantee that the situation will be unlocked even if you pay! In many cases, the money is collected but the server responsible for distributing the key is no longer reachable, has broken down or no longer exists.

In case of an attack, the first thing to do is unplug the infected machine from the internet and the computer network. Also unplug the healthy hard drives to prevent encryption of files that are still intact, and isolate the computer to prevent the infection from spreading to all machines. Next, get in touch with your IT department or cybersecurity experts. Beyond data recovery, it's important to restore trust in the information system by isolating the data so that it does not become infected again and by cleaning the files before reinstalling them.

Ransomware is not inevitable; it is possible to protect yourself. The first essential point, and quite an easy one: regular, offline backups of your data, which seem to be the most effective weapon against ransomware.

There are other easy steps to apply:
• Apply hotfixes to keep systems up to date,
• Use anti-virus software and apply its updates,
• Change default passwords for all access points,
• Use two-factor authentication,
• Locate your critical data and define a backup strategy accordingly,
• Train staff to recognize suspicious emails (suspicious origin or form, unknown file extensions...),
• Have a defined plan in case of attack.

To go further and protect your information system effectively, it is now time to invest in sustainable solutions and make cybersecurity a top priority.

The Gatewatcher team can assist you in your efforts with its Trackwatch® detection system. Thanks to a dynamic analysis of network flows, the Trackwatch® solution is able to report the most advanced threats as well as new attacks based on all types of malicious files.

