Ransomware attacks are, in fact, becoming more and more common across the board.
These attacks are multiplying in plain sight. Not a week goes by without such an incident being detected or reported. The preferred targets of these cyberattacks are businesses and local authorities. In recent months, more than a dozen French communities and about 20 companies have been caught up in this malicious cyber activity.
This situation, marked by growing frequency and danger, challenges those responsible for these entities. It is time to treat cybersecurity strategy as a priority. To do this, resources must be deployed, strategies put in place, and a good dose of common sense applied to guard against this phenomenon.
From a practical point of view, ransomware is proliferating, even though the way it operates remains virtually the same regardless of the group of cybercriminals behind it. The basis of the practice is simply to encrypt the data so that its rightful holder loses access to it, then to demand payment of a specified ransom for the decryption key. With the coronavirus health crisis that has shaken the world and pushed for the adoption of large-scale telework, cybercriminals could not have dreamed of a better opportunity to step up their activity. Moreover, "The digitization of services and dematerialization are increasing in communities, and so are the risks. We want to digitize without necessarily taking into account the risks; it's like jumping out of a plane without a parachute," says Jean-Jacques Latour, an expert on the cybermalveillance.gouv.fr platform, a government IT risk awareness service.
According to the authorities, reports of ransomware attacks have literally exploded compared to last year. These computer incidents are mostly caused by very well-organized groups of cybercriminals. "This is not a single criminal group that controls everything. Hackers are in contact with each other through social networks and complement each other by making their know-how available to others: preparing software, sending messages, identifying vulnerabilities, capturing data, laundering data and money…" explains François-Xavier Masson, Director of the Central Office for Combating Information and Communication Technology Crime.
To allow other entities to take appropriate measures to protect themselves, several local authorities have given testimonies and feedback anonymously. "We want to avoid being exposed and therefore giving marbles to the attackers," explains the head of information systems (DSI) of a local authority that was the victim of an attack a few months ago. Most often, computer attacks start either on Friday nights or during the weekend. "Once the hackers have managed to get into the network, they stay for days or even weeks. They spot assets, destroy backups if they succeed, and choose the time for the attack: when the pressure is highest," says Jean-Jacques Latour.
Computer security experts generally recommend assessing the damage caused by the cyberattack as a first step. "They found the backup servers and blew them up," recalls the information system manager. "We lost all our work data, our file server, the dashboards. Fortunately, we were able to recover some of the data from our providers," revealed an Assistant Executive Director (DGA) of a community attacked last year. In addition, every effort should be made to identify the traces that cybercriminals may have left behind, and then to forward them to the National Information Systems Security Agency and to the authorities with whom a complaint should be filed. "You have to get as much information and logs as possible to analyze them," said a computer security official in a French metropolis.
It is noted, however, that no community has so far paid a ransom demanded by cybercriminals. Moreover, "It is recommended never to pay," says the National Information Systems Security Agency in its guide on the subject. "By paying, you are feeding the criminal system; above all, you are not guaranteed to find your data," adds François-Xavier Masson.