The last decade saw exponential growth in the types of viruses and malware. Among them, ransomware has become rampant.
- What is ransomware?
Ransomware is a specific form of malware used as a means of extortion. Nowadays, it mostly uses cryptography to ensure that the victim pays. A message is usually displayed instructing the victim to pay a certain amount to the cybercriminals in exchange for the decryption key.
- A brief history of ransomware
The first kind of ransomware was only intended to prevent users from accessing their computer. The victim then usually had to send a check. In the 2000s, ransomware like Reveton pretended the victim had committed a crime and prevented them from accessing their computer until they paid a fee to a governmental organization like the FBI. Then came CryptoLocker, a massive encrypting ransomware that is still used nowadays. Two encrypting ransomware strains were the start of some of the biggest global cyberattacks: WannaCry in May 2017, and NotPetya in June 2017.
Ransomware started changing due to two factors: cryptography and the rise of bitcoin. Nowadays, ransomware is mostly designed to encrypt the victims' files. While the first wave of ransomware targeted individuals, ransomware now either targets individuals for a relatively small ransom or is used in a larger, more prepared attack against a company or an institution, with higher demands. Over the last two years, the United States has faced an unprecedented series of attacks against local government computer systems, such as in Baltimore in 2019 (which incapacitated some financial services) and in Florida City in June 2019 (which made all the city's online services unavailable). France has been hit as well, for example with an attack against a hospital in November 2019.
The latest Internet Organized Crime Threat Assessment report by Europol highlights a decline in the number of ransomware victims due to global awareness, the use of mobile devices, to which ransomware is not fully adapted, and a decline in the use of exploit kits. However, the report still lists ransomware as the "most prominent threat" and expects it to stay in that place "as long as ransomware provides a relatively easy income for cybercriminals, and continues to cause significant damage and financial losses".
- How do you catch ransomware?
Ransomware usually infects computers through compromised attached files. However, other means of spreading are possible. The cybersecurity firm Malwarebytes explains, for example, that ransomware can also be caught through "malvertising". While surfing, an Internet user is sent to criminal servers without even clicking on an ad. Those servers collect information about the victim's computer and send the malware they think the computer is most vulnerable to. According to Malwarebytes, this malware is usually ransomware.
- How to prevent ransomware
First of all, simple rules of cyber hygiene can be enough to prevent ransomware: don't open attached files from unknown senders, get an antivirus that can recognize suspicious emails and websites and, most importantly, keep it updated, as virus signatures change very easily. It is also extremely important to download software updates. For example, it has been revealed that the disastrous effect of the WannaCry ransomware could have been avoided if people had installed the new security patch that Microsoft had provided.
Furthermore, some solutions now exist to get rid of ransomware by managing to find the encryption key, but they only work on certain types of virus and must be suggested by an expert.
But the most efficient way to be ready for any kind of cyber threat is to always have a backup of all your data in a safe location and to make sure the backups are up to date and working.
Arielle Chemla
M2 Cyberjustice — Promotion 2019-2020
Sources:
- Kaspersky Blog, L'histoire du ransomware et son évolution en faits et chiffres, Alex Drozhzhin
- Malwarebytes Blog, Ransomware
- Avast Blog, The Evolution of Mobile Ransomware, Stefanie Smith
- Europol, Internet Organized Crime Threat Assessment, 2019
- The New York Times, Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000, Patricia Mazzei, June 19, 201
- BBC News, Baltimore ransomware attack: NSA faces questions, Dave Lee, May 27, 2019
- ZDNet.fr, CHU de Rouen : un ransomware au centre de l'attaque, Louis Adam, November 20, 2019