Every 40 seconds in the world, a company is the victim of a ransomware attack. Between paying quickly to see his data unlocked or resist and take the risk of losing them, what attitude to adopt?
With the ransomwares, the method used by the new cybermaster-singers is always the same: once the infected computer, usually via spam sent to a member of the company, access to the data is blocked and a message s’ displays on the screen with a ransom request.
To put pressure on the user, the hacker often appears as a legal authority (FBI, police, government site …) and explains that the computer was blocked because of allegedly illegal operations. A creepy countdown starts with a delay – usually very short – before which to pay. This very short time, sometimes a few hours, is precisely aimed at preventing the victims from conducting a thorough investigation into the origin and veracity of the attack.
Because a simple blocking of crucial data can have extremely serious consequences. 60% of UK companies have experienced a financial loss after a ransomware attack, while 24% have gone bankrupt, reports Osterman Research. As a result, 58% of victims pay the ransom demand in Great Britain. A figure that even reaches 78% in Germany.
Do not give in to precipitation
First tip: make sure of the reality of the attack. Attempts to bluff are indeed commonplace. Some unsophisticated ransomware are content to block access to the operating system. Make sure your data remains accessible through a hot spare or another computer. Seventy percent of ransomware-infected businesses have been able to recover their files on their own, according to a study by Vanson Bourne.
Alas, more and more hackers are using more malicious malware type CryptoLocker, which encrypt all files on the computer and even backups if they are connected to the network. “In this case, there are unfortunately few ways to thwart the encryption of files,” warns the publisher Malwarebytes security software. The temptation is great at this time to pay to recover the decryption key. However, this solution is still strongly discouraged. “The payment of the ransom does not guarantee the restoration of access to your files,” warns Malwarebytes. Once the sum paid, some pirates claim a new payment. “And you will surely become the target of new attacks. ”
Never forget that behind the malware is hiding a human being. “The hacker can be aggressive if he loses his temper, or give you more time if he thinks you’re trying to meet his requirements,” says consulting firm Mandiant consulting. In almost all cases, you will get at least one extra delay or even renegotiation. Californian hospital Hollywood Presbyterian, which had been asked for 9000 bitcoins (about 3.2 million euros) for a return to normal, finally agreed to pay, but only 40 bitcoins (15,000 euros), to restore its system.
In case of refusal, you must be aware that your data will probably never be retrieved. To avoid such disappointments, it is therefore essential to regularly back up the data outside the network, to have a copy easy to restore in case of attack.