Ransomware: State worries about unprecedented increase in attacks
Ransomware attacks are a type of threat that explodes and escalates reinvents according to Anssi, which publishes a guide for companies.
In partnership with the Department of Criminal Affairs and Pardons of the Ministry of Justice, the National Agency for the Security of Information Systems (Anssi) publishes an awareness guide to Ransomware attacks (PDF).
Ransomware (or ransomware) is this type of malicious program intended to obtain payment of a ransom from a targeted victim. During an attack and infection, for example, files are encrypted, sometimes to the point of rendering a system unusable.
To decrypt data with a suitable key, cybercriminals frequently demand payment of a cryptocurrency ransom. A ransomware attack can also be coupled with data exfiltration which is another means of pressure and blackmail with a threat of disclosure of confidential information.
According to the ‘Anssi, cybercriminal groups are increasingly targeting companies with large financial means, and even organizations linked to critical activities. So-called Big Game Hunting attacks with an increasingly high level of sophistication.
Since the start of the year, Anssi indicates that it has dealt with 104 ransomware attacks, whereas over the whole of last year only 54 attacks had been mentioned. “ It is urgent for businesses and communities to implement measures to prevent ransomware attacks and learn how to react when it is too late “, says François Deruty, deputy director Anssi operations.
This is the subject of the guide with several good practices – which echo the Anssi computer hygiene guide – and subsequent measures to be taken. It is punctuated by testimonials from IT managers at Rouen hospital, the M6 group and the Fleury Michon group, all of whom were affected in 2019 by ransomware attacks.
Data backup advice, put updating of the software park, limitation of user rights and awareness, partitioning of the information system, logging policy on the various resources of the information system are listed in particular.
#Friday Reading Discover the new guide “Attacks by # ransomware, all concerned”, from @ ANSSI_FR and @justice_gouv, bringing together testimonials from victims and good # digital security practices to anticipate and react in the event of an incident
? https://t.co/sHvaKRKAn5 pic.twitter.com/vOrZ4hJByX
– ANSSI (@ANSSI_FR) September 4, 2020
In the event of an attack, the guide directs for example towards a disconnection at the earlier, uninfected backup media, technical assistance with specialized service providers (in particular via the cybermalveillance.gouv.fr platform), while the encrypted data must be kept knowing that decryption solutions can be made public (see the No More Ransom project).
The Anssi recommends in any case to file a complaint with the police or gendarmerie, and… not to pay the ransom. “ Payment does not guarantee obtaining a means of decryption, induces cybercriminals to continue their activities and maintains this fraudulent system. […] Experience shows that obtaining the decryption key does not allow not always to reconstruct all the encrypted files “, we can read.
Across the Atlantic, the FBI also recommends not to pay the ransom, but has a more vague message saying understand that “ companies will assess all options to protect their shareholders, employees and customers. ”