Ransomware: a real and costly threat

Ransomwares are powerful, malicious software through which hackers demand ransom payments. Increasingly widespread, they have made businesses their favourite target.

Ransomwares attack all types of devices: computers and servers, but also tablets and smartphones. The consequences of an infection are numerous and devastating:

• Device infection and access restriction: you can only access a web browser for example, the rest of your data and functions are blocked.
• Encryption of documents and images. You then need to obtain the decryption key to recuperate your documents. This is called "crypto-ransomware".
• Denial of service aimed at a website: the website is stopped if the ransom isn't paid.
• Theft of confidential data with the threat of rendering them public.
• Forced advertizing: The device is blocked and you are given one choice - to click on and view adverts. The malware author receives a profit proportional to the number of clicks.

What they all have in common: blackmail. You can't delete the malware or decrypt the data unless you pay.

The malware spreads:

• In an email with infected content: an attached PDF or a link in the body of the message, for example.
• Through the download of malicious files via a website.
• During web browsing, on specific sites and through infected advertizing banners. Even without clicking on them, just seeing them can infect your device. Once on your device, the malware can come into effect and block your device at any time.

Ransomware is the most prolific cyberthreat since the start of 2016. Police units but also medical organizations have paid the price. The Hollywood Presbyterian Medical Center had their oncology and radiology services data hacked and paid $17k to the cybercriminals.

A veritable cybercrime industry is developing: a proportion of the money collected is reinvested in the development of new malwares. If the cyberattacks aim both for individuals and professionals, the hackers know that they can "cash in their services" at much higher rates with companies. Increasing numbers of ransomeware kits are available for purchase on the Dark Web which thus fosters their widespread diffusion.

According to one study, 72% of companies experienced a loss of access to their data for two days after a ransomware infection. 32% of companies couldn't access their data for a length of 5 days or more.

Without going into the ransom issue which is already a huge cost, the time and energy expended are equally huge. The attacked company must then restart the entire computing system, which means totally stopping workstations. This is a huge burden on the IT Systems department. What's more, this type of attack is a catastrophe for the company's image and has a very negative impact on the reputation of the latter.

• Report your problem to the Police? Yes, to alert them. But they will not be able to do anything for you and your data in the end.
• Pay the ransom: yes, in most cases. Unfortunately, once the files have been encrypted, there is no other way to recuperate them. And despite this, you won't be immune from other, more subtle viruses installed without your knowledge and then spreading to your devices. What's more, nothing guarantees that the decryption key will be given to you and that it will work.
• Clean your machine and restore a backup copy: yes. But in some cases, such as the latest ransomware which everyone is talking about, Petya, restoration is not enough.

In all cases, the issue is costly and doesn't offer any guarantee. As is often the case in computer security, prevention is better when a cure is much tougher.

Eight core habits to adopt:

• Conduct regular antivirus updates with the latest security fixes. Ransomwares frequently exploit the holes in the older versions.
• Regularly backup your data onto external hard disks or via a dedicated and secure cloud solution.
• Be cautious of suspicious attachments or links.
• Avoid as much as possible the use of macros on Microsoft Office (Word, PowerPoint, Excel) when their source is uncertain. View them first in a reader.
• Uninstall useless plugins - like Silverlight, Flash, Java- if you don't use them. This reduces the attack surface.
• Use the administrator setting as little as possible on your device. Only a few specific actions require this, and it increases the likelihood of an attack.
• Install an ad-blocker. You will thus be spared from malwares spread through advert banners.
• Equip your company with a specialized antimalware security solution, such as GravityZone which was developed by Bitdefender and aimed at companies. Choose a solution to cover all of the endpoints and mobile devices of your employees and which protects your web and message portals.

Ransomwares keep finding victims in the professional world. They repressent a colossal cost and numerous nuisances for the company. The best way to avoid them is to install an up-to-date and powerful cybersecurity shield for better protection and efficient risk management.

To learn more, have a look at all of our antivirus articles.