Ransomware, a cyber threat with an exponential curve

During the International Cybersecurity Forum (ICF) which took place on January 30, 2020, Guillaume POUPARD, the General Director of the National Cybersecurity Agency of France (ANSSI), mentioned the multiplicity of ransomware cyber attacks. On this subject, he also points out that “Hospitals, communities and administrations must be prepared to face the exponential curve of ransomwares”.

What is a ransomware?

A ransomware, also known as cryptolocker, is a malicious software that hijacks personal and/or confidential data of an individual or all or part of an organization in order to extort money from them.

The principle is simple: the attacker enters the target machine using a Trojan Horse and encrypts the victim’s data via a random symmetric key and a fixed public key. In this way, the hacker is the only one who can decrypt the victim’s data because only he has the private key. If the victim wants to recover the private key, which decrypts the encryption, he will have to send money – a ransom – to the hacker, hence the name of this malware: the ransomware. Generally, the ransom is paid in a digital currency, known as “cryptocurrency” such as Bitcoin or Monero; these currencies are widely used by hackers because of their anonymous, cryptographically based payment protocol.

A cyber threat with an exponential curve

Bad news for the coming years, ransomware attacks will grow exponentially:

• not only the number of ransomware attacks will increase, but also their cost. In a few years, the ransom prices have increased dramatically.
• criminal groups are more and more inventive and organized.
• viruses are ready-to-use, virulent and cheap. They are well-documented in terms of configuration and use, so that neophyte hackers eager for quick and easy money can serve as unskilled workers.
• more and more attackable devices not necessarily secure, and more and more multi-connected information systems which are potentially vulnerable.

The attackers are cybercriminals who, through very dazzling attacks, put enormous pressure on important targets such as institutions, entities categorized as Essential Service Operators (ESO) or Operators of Vital Importance (OVI), major accounts or government structures in order to collect huge amounts of cryptocurrency, explained Guillaume POUPARD.

What to do in case of a ransomware attack?

On the moment, being victim of a ransomware cyber attack can shock or panic the most fragile individuals. That’s why adopting the 7 good reflexes from the government website Cybermalveillance.gouv.fr can help you successfully overcome this crisis situation.

Among these 7 wise recommendations, one of them is particularly valuable: never pay the ransom demanded, because no matter how much you lose financially, you will never be sure to recover your data.  Instead, try to get assistance from qualified professionals who can help you decrypt your data.