Ransomware attack: don't give in to blackmail by hackers and cleverly foil their traps

All is well in the best of worlds. You start your working day calmly, switch on your computer and then... tragedy strikes! You can no longer access your files unless you pay a large sum of money!
The conclusion is clear: your company has been the victim of a ransomware attack.
This is not a virus to be taken lightly. Ransomware and the blackmail that comes with it can have a major impact on your organisation's finances, and can also carry legal repercussions and damage your brand image.
But don't panic, there are ways to protect your devices from this malware.
What is ransomware? How can you protect yourself against it, or eliminate the threat once it has contaminated your company's systems?
Here's how.
What is a ransomware attack?
How does ransomware work?
Ransomware, a member of the happy family of malware, refers to malicious software that installs itself on your devices and wreaks havoc until you pay a ransom to unblock the situation. Also known by its French name, rançongiciel 🇫🇷, or as a cryptolocker, it has been particularly widespread since the 2010s.
More specifically, ransomware gains access to your machine, for example when you download an attachment. It then attacks:
- your entire operating system,
- or specific files:
  - on the infected computer,
  - shared on a network,
  - stored on a device where the victim has administrative rights, etc.
In the second case, the malware encrypts the files in question. What happens next? The hacker demands a ransom, usually in the form of cryptocurrency, in exchange for the decryption key.
☝️ Note: when the victim is a company, hackers sometimes also threaten to divulge the sensitive data they have accessed.
This type of virus affects all operating systems (Windows, Linux, Mac, etc.), but also all types of device, such as smartphones.
What are the main ransomware attacks?
There are two main types of ransomware:
- Locker ransomware: here, the ransomware blocks basic computer functions, such as access to your desktop. However, data is not necessarily compromised.
- Crypto ransomware: this encrypts specific data, without blocking the use of your computer. This is the attack most feared by professionals, because it has a major impact on the smooth running of business, and potentially attacks confidential information.
Other forms of ransomware have also developed:
- Scareware: the hacker infects your system, then presents himself as a (fake) service provider to eliminate the threat.
- Doxware: THE bête noire of companies, because the hacker threatens to distribute the personal and sensitive data affected. This virus is so compromising for organisations that some of them sometimes feel it is more "profitable" to pay the ransom, given the heavy financial consequences of a leak of such information.
💡 Find out more about the definition of this virus and discover the list of known ransomware in our dedicated article.
Prevention before cure
Optimal protection against ransomware is no longer optional for businesses: the threat is very real! In fact, the number of ransomware attacks in France in 2021 rose sharply:
"By 30 November, the Cybermalveillance.gouv.fr portal had received almost 1,700 requests for assistance for attacks involving ransomware." (LeMagIT)
That's why it's so important to take a preventive approach and understand how ransomware works. Prevention, rather than cure, simply means avoiding a malware attack.
Here are a few best practices to follow:
- ✅ Use security tools such as antivirus software and update them regularly to stay protected against the latest ransomware developments.
- ✅ Configure your firewalls correctly.
- ✅ Carry out system and software security updates on the organisation's devices.
- ✅ Carry out regular backups of company data and systems in order to recover them in the event of a ransomware attack.
- ✅ Adopt an effective password policy to protect your data: complex passwords, multi-factor authentication, regular renewal of passwords, etc.
And of course, all employees should avoid certain basic "mistakes" that could introduce malware, such as:
- Downloading attachments or clicking on links in dubious e-mails, particularly if the sender is unknown or the e-mail configuration seems unusual;
- Downloading suspicious or pirated applications;
- Browsing suspicious websites, particularly illegal sites;
- Using an account with administrator rights to surf the web or check email;
- Not switching off devices when not in use.
As you can see, employee behaviour can be a major vector for ransomware attacks. Many employees are simply unaware of the dangers involved. That's why it's important to make them aware of the issue.
💡 Some software offers a real advantage in this respect. For example, Mailinblack, with its Phishing Coach tool, lets you simulate cyber attacks, particularly ransomware attacks, that appear completely authentic, all in a secure environment. In this way, you can accurately identify risky behaviour. What's more, the solution supports your employees by training them with fun, personalised content.
What if the ransomware has got you?
Too late, the virus has reached your devices.
Find out how to react!
Step 1: Detect the presence of ransomware
Detecting the virus as early as possible will speed up the "recovery" of your machines. Of course, your antivirus software can alert you to the presence of ransomware.
Another clue: your documents have changed name and are no longer accessible. "Exotic" file extension names are also revealing. For example: .thor, .ezz, .exx, .aaa, .abc, etc.
[Image: example of files encrypted following a ransomware attack]
Finally, there are other things that can tip you off, such as abnormal processor activity or dubious network communication.
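As an added illustration of the two file-level clues above (files renamed with unusual extensions, and content that is no longer readable), here is a small Python script that is not part of the original article. It walks a shared folder and flags files whose extension is on a watch list or whose bytes look encrypted, using Shannon entropy as the measure. The watch list (the extensions the article cites), the entropy threshold, the minimum file size and the sample folder it builds are all assumptions for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, Optional

# Extensions the article cites as typical of encrypted files. This is a
# constructed watch list for the demo: in practice, feed it the extensions
# seen in your own environment and in public ransomware trackers.
SUSPICIOUS_EXTENSIONS = {".thor", ".ezz", ".exx", ".aaa", ".abc"}

# Encrypted output is statistically close to random: about 8 bits of entropy
# per byte. Text and most office documents sit well below this. The threshold
# and the minimum size are assumptions to tune for your own data.
ENTROPY_THRESHOLD = 7.5
MIN_SIZE_FOR_ENTROPY = 256


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def suspicious_reason(path: Path) -> Optional[str]:
    """Explain why `path` looks like ransomware output, or return None."""
    ext = path.suffix.lower()
    if ext in SUSPICIOUS_EXTENSIONS:
        return f"known ransomware extension {ext}"
    data = path.read_bytes()
    if len(data) >= MIN_SIZE_FOR_ENTROPY:
        entropy = shannon_entropy(data)
        if entropy >= ENTROPY_THRESHOLD:
            return f"high entropy ({entropy:.2f} bits/byte)"
    return None


def scan_tree(root: Path) -> Dict[str, str]:
    """Walk `root` and map each suspicious file (relative path) to its reason."""
    findings: Dict[str, str] = {}
    for dirpath, _subdirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            reason = suspicious_reason(path)
            if reason is not None:
                findings[path.relative_to(root).as_posix()] = reason
    return findings


def build_sample_share() -> Path:
    """Constructed test data: one healthy document, one renamed file, and one
    file whose content is byte-uniform, as encrypted output would be."""
    root = Path(tempfile.mkdtemp(prefix="share-"))
    (root / "report.txt").write_text("Quarterly report\n" * 50)
    (root / "invoice.pdf.thor").write_bytes(b"\x00" * 512)
    (root / "photo.jpg").write_bytes(bytes(range(256)) * 4)
    return root


if __name__ == "__main__":
    share = build_sample_share()
    for rel_path, why in sorted(scan_tree(share).items()):
        print(f"{rel_path}: {why}")
```

Run against a real share, the entropy check will also flag legitimately compressed or already-encrypted files (archives, media, password-protected documents), so treat a hit as a prompt to look closer rather than as proof of infection; a sudden jump in the number of hits across a share is the signal that matters.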
Step 2: Eliminate the threat
Once the virus has been detected, prevent it from spreading through your systems at all costs. To do this, identify and then disconnect all affected devices from your network, whether wired or wireless. This recommendation applies to all types of devices, such as external hard drives, USB sticks or storage spaces hosted in the cloud.
Then carry out a full antivirus scan using appropriate IT security software. This will then be able to delete the ransomware or quarantine it so as to stop its activities.
💡 More experienced users can also remove the virus manually. Consult specialist forums: you'll find advice tailored to the nature of the ransomware concerned.
Step 3: Recover the data
Finally, you need to recover the affected files.
Do you make regular back-ups? The good news is that you can simply restore the data saved before the ransomware attack.
If not, all that remains is to try to decrypt the affected documents, using online tools such as Crypto Sheriff. Note, however, that depending on the virus and the complexity of the algorithms, decryption can sometimes prove impossible. Hence the importance of regularly backing up your data.
💡 If you have been the victim of a locker, it may be necessary to carry out a full restoration of the affected systems.
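Restoring "the data saved before the attack" assumes the backup itself was not reached, yet Step 2 notes that external drives and cloud storage spaces can be affected too. The following Python script, added here and not part of the original article, shows one way to make a restore trustworthy: record a SHA-256 manifest when the backup is taken, keep that manifest off the backup share, and before restoring compare the backup against it so that only files that still match are copied back. The folder layout, file contents and the simulated tampering are constructed for the demonstration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_of(path: Path) -> str:
    """SHA-256 hex digest of a file, read in chunks so large backups fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> Dict[str, str]:
    """Map every file under `backup_root` (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(backup_root).as_posix(): sha256_of(p)
        for p in sorted(backup_root.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the backup as it is now against the manifest taken when it was made."""
    current = build_manifest(backup_root)
    report: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel_path, expected in manifest.items():
        if rel_path not in current:
            report["missing"].append(rel_path)
        elif current[rel_path] != expected:
            report["modified"].append(rel_path)
        else:
            report["ok"].append(rel_path)
    # Files that were not there at backup time (a ransom note, for instance).
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def restore_intact_files(backup_root: Path, manifest: Dict[str, str], target: Path) -> List[str]:
    """Restore only files whose hash still matches the manifest; return their paths."""
    restored = []
    for rel_path in verify_backup(backup_root, manifest)["ok"]:
        destination = target / rel_path
        destination.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_root / rel_path, destination)
        restored.append(rel_path)
    return restored


def demo():
    """Constructed scenario: a backup is taken, ransomware later reaches the
    backup share, and the manifest kept elsewhere tells us what is still safe."""
    backup = Path(tempfile.mkdtemp(prefix="backup-"))
    (backup / "docs").mkdir()
    (backup / "docs" / "contract.txt").write_text("Signed contract\n")
    (backup / "accounts.csv").write_text("date,amount\n2021-11-30,100\n")
    # The manifest must live off the backup share (offline media, write-once
    # storage); here a JSON string stands in for that separate copy.
    stored_manifest = json.dumps(build_manifest(backup))

    # Simulated damage: one file overwritten with unreadable content, one note dropped.
    (backup / "accounts.csv").write_bytes(b"\x8f\x41\x02unreadable-content")
    (backup / "README_DECRYPT.txt").write_text("Pay to recover your files")

    manifest = json.loads(stored_manifest)
    report = verify_backup(backup, manifest)
    target = Path(tempfile.mkdtemp(prefix="restore-"))
    restored = restore_intact_files(backup, manifest, target)
    return report, restored, target


if __name__ == "__main__":
    report, restored, target = demo()
    print("verification:", report)
    print("restored:", restored, "into", target)
```

The manifest only helps if the attacker cannot rewrite it along with the backup, which is why it belongs on media the backup job cannot modify; the "modified" and "unexpected" lists are also a cheap way to date the compromise, since the last backup whose files all verify is the one to restore from.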
Pay the ransom?
Are you tempted to pay the ransom?
Unsurprisingly, we don't recommend it.
Responding to blackmail by hackers is no guarantee that your data will be recovered or that they won't come back at you some time later. What's more, you are encouraging the practice of this cybercrime.
What should I remember about a ransomware attack?
Ransomware is not a virus to be taken lightly. Increasingly widespread, it has compromised the security and integrity of many businesses in recent years.
Admittedly, most ransomware can be removed. But as the algorithms evolve, it is sometimes impossible to completely counter the threat and restore your data.
That's why one of the best methods of protection is prevention. Raise your staff's awareness of the issue, explain the best practices to adopt... and you'll be building the strongest bulwark against ransomware attacks.
Article translated from French