Ransomware attack: don't give in to blackmail by hackers and skilfully foil their traps

All is well in the best of all possible worlds. You start your working day in peace, switch on your computer and then... tragedy strikes! You can no longer access your files unless you pay a large sum of money!
The conclusion is clear: your company has been the victim of a ransomware attack.
This is not a virus to be taken lightly. Ransomware, blackmail... it can have a major impact on your organization's economy, as well as having legal repercussions and damaging your brand image.
But don't panic: there are ways to protect your devices from this malware.
What is ransomware? How can you protect yourself against it, or eliminate the threat once it has contaminated your company's systems?
Here's how.
What is a ransomware attack?
How does ransomware work?
Ransomware, one member of the large malware family, is malicious software that installs itself on your devices and disrupts them until you are asked to pay a ransom to unblock the situation. Also known (in French) as rançongiciel, or as a cryptolocker, ransomware has become particularly widespread since the 2010s.
More concretely, ransomware gains access to your machine, for example after an attachment is downloaded. It then attacks:
- your entire operating system,
- or specific files:
  - on the infected computer,
  - shared on a network,
  - stored on a device where the victim has administrative rights, etc.
In the second case, the malware encrypts the files in question. What then? The hacker demands a ransom, usually paid in cryptocurrency, in exchange for the key needed to decrypt them.
☝️ Please note: in attacks on companies, hackers sometimes also threaten to disclose the sensitive data they have accessed.
This type of virus affects all operating systems (Windows, Linux, Mac, etc.) and all types of device, including smartphones.
What are the main ransomware attacks?
There are two main types of ransomware:
- Locker ransomware: here, the ransomware blocks basic computer functionality, such as access to your desktop. The data itself is not necessarily compromised, however.
- Crypto ransomware: here, the ransomware encrypts specific data without blocking the use of your computer. This is the attack most feared by professionals, as it has a major impact on business operations and potentially exposes confidential information.
Other forms of ransomware have also developed:
- Scareware: the hacker infects your system, then poses as a (fake) service provider offering to eliminate the threat.
- Doxware: THE corporate bête noire, as the hacker threatens to release the personal and sensitive data affected. This type is so compromising for organizations that some feel it is more "profitable" to pay the ransom than to face the heavy financial consequences of such a leak.
💡 Learn more about the definition of this virus and discover the list of known ransomware in our dedicated article.
Prevention before cure
Optimum protection against ransomware is no longer optional for businesses: the threat is very real. In fact, the number of ransomware attacks in France rose sharply in 2021:
By November 30, the Cybermalveillance.gouv.fr portal had received almost 1,700 requests for assistance with ransomware attacks.
LeMagIT
That's why it's important to adopt a preventive posture and understand how ransomware gets in. Prevention rather than cure simply means avoiding the malware attack in the first place.
Here are a few best practices to follow:
- ✅ Use antivirus-type security devices and update them regularly to stay protected against the latest ransomware evolutions.
- ✅ Configure your firewalls correctly.
- ✅ Carry out system and software security updates on the organization's devices.
- ✅ Perform regular backups of company data and systems to recover them in the event of a ransomware attack.
- ✅ Adopt an effective password policy to protect your data: complex passwords, multi-factor authentication, regular renewal of passwords, etc.
And of course, all employees should avoid certain basic "mistakes" that could introduce malware, such as:
- Downloading attachments or clicking on links in dubious e-mails, especially if the sender is unknown or the e-mail looks unusual;
- Downloading suspicious or pirated applications;
- Surfing suspicious websites, especially illegal ones;
- Using an account with administrator rights to surf the web or check e-mail;
- Not switching off devices when not in use.
As you can see, employee behavior can be a major vector for ransomware attacks. Indeed, many employees are simply unaware of the dangers involved. That's why it's important to make them aware of the issue.
💡 Some software offers real benefits in this respect. Mailinblack, for example, with its Phishing Coach tool, lets you simulate cyberattacks, particularly by ransomware, appearing completely authentic, all in a secure environment. In this way, you can precisely identify at-risk behavior. What's more, the solution supports your employees by providing training through fun, personalized content.
What if the ransomware has got you?
Too late, the virus has reached your devices.
Find out how to react!
Step 1: Detect the presence of ransomware
Detecting the virus as early as possible will speed up the "healing" of your machines. Of course, your antivirus software can alert you to the presence of ransomware.
Another clue is that your documents have changed name and are no longer accessible. "Exotic" file extensions are also revealing, for example .thor, .ezz, .exx, .aaa, .abc, etc.
Example of encrypted files following a ransomware attack:
Finally, there are other things that can tip you off, such as abnormal processor activity or suspicious network communication.
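The renamed files and exotic extensions described above can be checked for automatically. The following script is an added example and not part of the original article: it walks a directory tree, flags files carrying the extensions named above, spots documents that have acquired a second, unknown extension, and raises an alert when the share of suspicious files is high. The extension lists and the sample directory it builds are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions named in the article as typical of encrypted files. Constructed
# starting point only: real campaigns use many other extensions.
SUSPICIOUS_EXTENSIONS = {".thor", ".ezz", ".exx", ".aaa", ".abc"}

# Ordinary document types. A document that gains a second, unknown extension
# (e.g. "report.docx.xyz") has very likely been renamed after encryption.
DOCUMENT_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".txt"}


def classify_file(name):
    """Return 'encrypted' for a known ransomware extension, 'renamed-document'
    for a document with an unknown extension appended, else 'normal'."""
    base, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext in SUSPICIOUS_EXTENSIONS:
        return "encrypted"
    inner_ext = os.path.splitext(base)[1].lower()
    if inner_ext in DOCUMENT_EXTENSIONS and ext and ext not in DOCUMENT_EXTENSIONS:
        return "renamed-document"
    return "normal"


def scan_for_indicators(root, alert_ratio=0.2):
    """Walk a directory tree and summarise suspicious files; 'alert' is set
    when their share of all files reaches alert_ratio."""
    counts = Counter()
    suspicious = []
    for dirpath, _, filenames in os.walk(root):
        for fname in filenames:
            kind = classify_file(fname)
            counts[kind] += 1
            if kind != "normal":
                suspicious.append(os.path.join(dirpath, fname))
    total = sum(counts.values())
    ratio = (total - counts["normal"]) / total if total else 0.0
    return {"total": total, "encrypted": counts["encrypted"],
            "renamed": counts["renamed-document"],
            "suspicious_paths": suspicious, "alert": ratio >= alert_ratio}


def build_sample_tree():
    """Constructed sample: a temp directory mimicking a share after an attack."""
    root = tempfile.mkdtemp()
    for name in ["budget.xlsx.thor", "photo.jpg.ezz", "contract.pdf.locked",
                 "notes.txt", "README.md"]:
        open(os.path.join(root, name), "w").close()
    return root


if __name__ == "__main__":
    print(scan_for_indicators(build_sample_tree()))
```

Run against a file share or a user's home directory on a schedule, the alert flag gives an early warning that is independent of the antivirus signature set.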
Step 2: Eliminate the threat
Once the virus has been detected, you must prevent it from spreading through your systems at all costs. To do this, identify all affected devices and disconnect them from your network, whether wired or wireless. This applies to all types of device, including external hard drives, USB sticks and cloud storage.
Then run a full antivirus scan with suitable security software, which will remove the ransomware or quarantine it to halt its activity.
💡 For the more experienced, it's also possible to remove the virus manually. Consult specialized forums: you'll find advice tailored to the nature of the ransomware concerned.
Step 3: Data recovery
Finally, you need to recover the affected files.
Do you make regular backups? Good news: all you need to do is restore the data you saved before the ransomware attack.
If not, you can try to decrypt the affected documents using online tools such as Crypto Sheriff. Note, however, that depending on the virus and the complexity of the algorithms, decryption can sometimes prove impossible. Hence the importance of regularly backing up your data.
💡 If you've been the victim of a locker, it may be necessary to carry out a full restoration of affected systems.
Pay the ransom?
Tempted to pay the ransom?
Unsurprisingly, we don't recommend it.
Responding to blackmail by hackers is no guarantee that your data will be recovered, or that they won't come back at you some time later. What's more, you're encouraging the practice of this cybercrime.
What can I learn from a ransomware attack?
Ransomware is not a virus to be taken lightly. Increasingly widespread, it has compromised the security and integrity of many businesses in recent years.
Admittedly, most ransomware can be removed. But as the algorithms evolve, it is sometimes impossible to fully counter the threat and restore your data.
That's why one of the best methods of protection is prevention. Raise your staff's awareness on the subject, explain to them the best practices to adopt... and you'll be building the strongest bulwark against ransomware attacks.
Article translated from French