
2020/01/22 Ransomware in Six Questions (by the Ministerial Delegation to the Security Industries and the Fight Against Cyberthreats, French Ministry of the Interior)

What is ransomware?

Ransomware is malicious software. Ransomware programs are computer viruses. These viruses block access to information systems or data stored on the victim’s computer or server, then demand that the victim pay a ransom to unblock said access, although it is never guaranteed that it will actually be unblocked.

 

Whom does ransomware affect?

Ransomware affects many French companies as well as some individuals and local governments. Many people have felt the impact of these attacks on their day-to-day lives. Industrial companies have been idled, employees have been temporarily laid off, public services (medical, civil, etc.) have slowed down or come to a halt, advanced technical equipment (aircraft) has been put out of service and so on.

In response, information security players are undertaking efforts to raise awareness (e.g. the French Ministry of the Interior), provide support (e.g. antivirus software producers) and solve problems (e.g. IT service providers).

 

How does ransomware work?

Ransomware implants itself on the victim’s computer or servers without the victim’s knowledge. It has many possible vectors: emails from unknown senders with one or more attachments, USB drives of unknown origin or used elsewhere and not “decontaminated,” visits to compromised websites, engagement with online games and quizzes, etc.

 

What motivates criminals to perform ransomware attacks?

A shift in cybercriminal strategy has been observed. Formerly indiscriminate, ransomware attacks are now specialised and seem increasingly to target large companies, which are capable of paying very high ransoms, and local governments, which are presumed to be less protected and more sensitive given the need for continuity of public services.

 

Is ransomware a lasting phenomenon?

The year 2017 was marked by multiple ransomware campaigns (WannaCry, NotPetya) now largely known to the public. These attacks did not continue to exhibit strong growth; however, their rates remained high in 2018 and 2019.

Strong media coverage of the ransomware phenomenon and state recommendations to systematically refuse to pay ransoms have driven criminals to turn to other modes of operation that are more difficult to detect. Hence, rates of spear phishing and cryptojacking (underground cryptocurrency mining) have risen sharply since early 2018.

 

What can be done to protect against ransomware?

In general, any computer not protected by up-to-date antivirus software and a secure password, combined with careless use, represents an easy target.

Basic digital hygiene prevents and/or limits ransomware as well as other digital attacks.

 

For additional information on ransomware: