Ransomware: definition, how it works and how to protect yourself


Picture the scene: you arrive at the office on a Monday morning, coffee in hand, ready to conquer the world (or at least your to-do list). But then tragedy strikes. Your computer screen displays a threatening message: all your files are blocked and inaccessible. To get them back, strangers demand a hefty sum in cryptocurrency.

Congratulations, you've just encountered ransomware.

If you think this only happens to other people, think again. Even the tech giants and the platforms we use every day are in the crosshairs. Recent news reports have highlighted how cybercriminals abuse popular services such as Discord to distribute malware or exfiltrate data, a reminder that nobody is out of reach.

Don't panic! This type of malware, known in French as a "rançongiciel", is unfortunately one of the cyberattacks businesses fear most. But as with any movie villain, knowing its plan and its weaknesses is the best way to beat it.

So take a deep breath. We'll tell you all about this digital pirate, with less jargon and more solutions.

What is ransomware?

Ransomware is a type of malware whose aim is to hold your data hostage and demand a ransom for its return. It's a bit like the bank robber of the digital world, except that instead of emptying your safes, it padlocks your most precious files.

The principle is simple: cybercriminals infiltrate your computer system, encrypt your data to make it unreadable, and leave you a message with instructions for payment. If the victim pays the ransom, they receive (in theory) the decryption key to recover their files.

This criminal business is so lucrative that it has even given rise to RaaS (Ransomware-as-a-Service). No, it's not a new streaming service. It's a model where hackers develop the ransomware and "rent" it out to other, less coding-savvy cybercriminals, in exchange for a percentage of the ransom collected. The Uberization of crime, in short.

How does ransomware work? The main steps

A ransomware attack usually unfolds in three acts, like a bad thriller.

Act 1: Discreet infiltration

This is when the malware enters your system. The most common techniques are:

  • Phishing: a seemingly legitimate e-mail (an invoice, a delivery notification...) carrying a malicious attachment or a booby-trapped link. One careless click and the door is open.
  • Social engineering: psychological manipulation (a fake call from "IT support", an urgent request from the "boss") that leads you to divulge credentials or perform a dangerous action yourself.
  • Exploiting vulnerabilities: attackers scan the internet for unpatched flaws in exposed software, servers and operating systems, with remote-access services a favourite target, and exploit them to get a first foothold.

Act 2: Silent encryption

Once inside, the ransomware goes to work. It identifies valuable files (documents, databases, photos...) on the machine and, wherever it can reach them, across the corporate network, then encrypts them one by one with strong cryptography: typically a fresh symmetric key per file, itself encrypted with a public key whose private half only the attackers hold, so the files cannot be recovered without them. Many strains also delete local shadow copies and any backups they can reach before they start, so that restoring is no longer an option. At this stage you may notice nothing at all. The software is designed to be as discreet as a ninja.
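Discreet does not have to mean invisible. One cheap way to catch the encryption stage while it is still running is a "canary" file: a plain-text file that nobody and no application should ever touch, re-checked regularly. If its hash changes, if it is renamed to an unknown extension, or if its content suddenly looks like random bytes (Shannon entropy close to 8 bits per byte, the signature of ciphertext), something is rewriting files. The following is an added example written for this article, not code from rzilient or from any real ransomware; the file name, the entropy threshold and the simulated attack (random bytes standing in for ciphertext) are illustrative assumptions.

```python
"""Canary-file check for the silent encryption stage (added example, not from the article)."""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5   # bits/byte; assumed cut-off for "looks encrypted"
CANARY_NAME = "000_canary_do_not_touch.txt"  # assumed name; sorts first so it is hit early
CANARY_TEXT = b"CANARY: do not modify this file. " * 64  # constructed low-entropy content


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: ~0 for repetitive text, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def plant_canary(directory: Path) -> tuple[Path, str]:
    """Write the canary and return its path together with its baseline SHA-256."""
    canary = directory / CANARY_NAME
    canary.write_bytes(CANARY_TEXT)
    return canary, hashlib.sha256(CANARY_TEXT).hexdigest()


def check_canary(canary: Path, baseline_hash: str) -> dict:
    """Compare the canary with its baseline; any change is an alert, high entropy is the smoking gun."""
    if not canary.exists():
        return {"status": "ALERT", "reason": "canary missing or renamed", "entropy": None}
    data = canary.read_bytes()
    entropy = shannon_entropy(data)
    if hashlib.sha256(data).hexdigest() != baseline_hash:
        reason = "content changed"
        if entropy > ENTROPY_THRESHOLD:
            reason += f"; entropy {entropy:.2f} bits/byte looks like ciphertext"
        return {"status": "ALERT", "reason": reason, "entropy": entropy}
    return {"status": "OK", "reason": "canary intact", "entropy": entropy}


def demo() -> dict:
    """Plant a canary in a scratch folder, then simulate what ransomware does to it.

    The "encryption" is os.urandom() output: the detector cannot tell real
    ciphertext from random bytes, which is exactly why entropy is a useful signal.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        canary, baseline = plant_canary(Path(tmp))
        results["before"] = check_canary(canary, baseline)
        canary.write_bytes(os.urandom(len(CANARY_TEXT)))          # simulated in-place encryption
        results["after_encrypt"] = check_canary(canary, baseline)
        canary.rename(canary.with_name(CANARY_NAME + ".locked"))  # simulated ransom-extension rename
        results["after_rename"] = check_canary(canary, baseline)
    return results


if __name__ == "__main__":
    for stage, verdict in demo().items():
        print(f"{stage:14s} {verdict['status']:5s} {verdict['reason']}")
```

Two caveats a practitioner would add: legitimately compressed or already-encrypted files (archives, JPEGs, encrypted databases) are also high-entropy, so the canary must be a plain format and the hash comparison, not entropy alone, is what decides; and a check that runs once a day is too slow for ransomware that finishes in minutes, so this logic belongs in a file-system watcher or an EDR rule, not a cron job.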

Act 3: The ransom demand

The final act. The ransomware finishes its work and at last reveals itself. A ransom note appears on the screen of the infected device, and usually as a text file in every encrypted folder. It announces that your files have been encrypted and sets an ultimatum: pay a certain sum (usually in Bitcoin or another cryptocurrency, which is hard to trace back to the attackers) by a deadline, or the decryption key is destroyed and your data is published on the dark web.

What are the consequences of a ransomware attack?

The consequences of a ransomware attack go far beyond simply paying a ransom. For a company, the impact can be devastating.

  • Business paralysis: no access to customer files, accounting, projects in progress... The whole company comes to a grinding halt.
  • Colossal financial losses: between the ransom itself (if paid), the sales lost while the business is down, and the cost of investigating and rebuilding systems, the bill can quickly run into millions of euros.
  • Reputational damage: Telling your customers and partners that their data has been compromised is a blow to trust and your brand image.
  • Leakage of sensitive data: this is the "double extortion" trend. Hackers no longer just encrypt your data; they steal it first and threaten to publish it. We saw this recently with a data leak at Discord, where internal information was put up for sale on the dark web. Even without any encryption, the threat of disclosure is a lever for blackmail, a tactic typical of ransomware groups.

How can I protect myself effectively against ransomware?

The good news is that you don't need to become an impregnable fortress: most attacks rely on the same few openings. Protection against ransomware comes down to a combination of common sense, good practices and the right tools.

  1. Raise your teams' awareness: people are often the first weak link. Train your staff to recognize phishing e-mails and to be wary of unexpected attachments and links. The golden rule: when in doubt, don't click, and report it.
  2. Make regular backups: they are your digital life insurance. Back up your important data regularly to external media or to a cloud copy that is disconnected from your main network (or write-protected), so that ransomware reaching your file servers cannot reach the backups too. Test a restore from time to time: a backup you have never restored is a hope, not a plan. If you are hit, you can rebuild without giving in to blackmail.
  3. Update your systems: apply security updates systematically to your software, operating systems and security tools, giving priority to anything exposed to the internet. They close the holes attackers love to exploit.
  4. Use the right tools: up-to-date endpoint protection, a well-configured firewall and an e-mail filtering solution are essential. Remember to equip yourself with the right cybersecurity tools for optimum protection.
  5. Limit access rights: each user should have access only to the data and applications their job requires, and nobody should do day-to-day work from an administrator account. This way, if an account is compromised, the damage stays contained instead of spreading to the whole network.

How to react to ransomware attacks?

If the worst happens, here's what to do.

  1. Isolate the infected machine: immediately disconnect it from the network (pull the Ethernet cable, switch off Wi-Fi) to stop the ransomware spreading to other devices, but leave it powered on. Shutting it down can destroy evidence and, for some strains, encryption keys still held in memory that responders could recover.
  2. Don't pay the ransom: This is the recommendation of all cybersecurity agencies. Paying doesn't guarantee you'll get your data back, and it funds the criminal industry.
  3. Contact the experts: Call in your IT department or an incident response specialist. They'll help you assess the situation and eradicate the malware.
  4. File a complaint: File a complaint with the gendarmerie or police and report the attack on the government platform cybermalveillance.gouv.fr.
  5. Restore and rebuild: once the intrusion has been eradicated (malware removed, the initial entry point closed, compromised passwords changed), restore your data from backups you have verified are clean, and completely reinstall the affected systems rather than trying to clean them in place.
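Steps 2 of the protection list and 5 of the response list hinge on the same question: how do you know a backup is "healthy" before you restore it? A backup share that stayed connected to the network may have been encrypted along with everything else, and an intruder who had weeks of access may have altered files quietly. The following is an added example for this article, not rzilient's own tooling: it writes a SHA-256 manifest when the backup is taken and verifies every file against it before a restore. The manifest name, folder layout and simulated attack (random bytes in place of ciphertext, a renamed file, a dropped ransom note) are constructed for the demo.

```python
"""Backup manifest: prove a backup is clean before restoring from it (added example)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256.json"   # assumed name for the manifest stored beside the backup


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_root: Path) -> Path:
    """Hash every file under backup_root and record path, size and digest in a JSON manifest."""
    entries = {
        p.relative_to(backup_root).as_posix(): {"sha256": sha256_file(p), "size": p.stat().st_size}
        for p in sorted(backup_root.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }
    manifest = backup_root / MANIFEST_NAME
    manifest.write_text(json.dumps(entries, indent=2, sort_keys=True))
    return manifest


def verify_backup(backup_root: Path) -> dict:
    """Check the backup against its manifest: modified, missing or unexpected files all block a restore."""
    expected = json.loads((backup_root / MANIFEST_NAME).read_text())
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, info in expected.items():
        p = backup_root / rel
        if not p.is_file():
            report["missing"].append(rel)          # deleted or renamed (e.g. to a ransom extension)
        elif sha256_file(p) != info["sha256"]:
            report["modified"].append(rel)         # rewritten in place, e.g. encrypted
        else:
            report["ok"].append(rel)
    present = {
        p.relative_to(backup_root).as_posix()
        for p in backup_root.rglob("*") if p.is_file() and p.name != MANIFEST_NAME
    }
    report["unexpected"] = sorted(present - set(expected))  # new files: renamed copies, ransom notes
    report["safe_to_restore"] = not (report["modified"] or report["missing"] or report["unexpected"])
    return report


def demo() -> tuple[dict, dict]:
    """Back up two constructed files, verify, then simulate ransomware reaching the backup share."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup-monday"
        (backup / "accounting").mkdir(parents=True)
        (backup / "accounting" / "ledger.csv").write_text("entry,amount\ninvoice-1,120.00\n")
        (backup / "customers.db").write_bytes(b"SQLite format 3\x00" + b"\x00" * 100)
        write_manifest(backup)
        clean = verify_backup(backup)

        # Simulated attack on a backup left connected to the network: one file encrypted in
        # place, one encrypted and renamed, and a ransom note dropped. Random bytes stand in
        # for ciphertext, which is indistinguishable from them.
        (backup / "accounting" / "ledger.csv").write_bytes(os.urandom(32))
        (backup / "customers.db").write_bytes(os.urandom(116))
        (backup / "customers.db").rename(backup / "customers.db.locked")
        (backup / "README_DECRYPT.txt").write_text("Your files have been encrypted.")
        tampered = verify_backup(backup)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean backup  safe_to_restore =", clean["safe_to_restore"])
    print("after attack  safe_to_restore =", tampered["safe_to_restore"], tampered)
```

The manifest only proves something if the attacker could not rewrite it too: keep a copy (or at least its own hash) on the offline or write-protected medium that holds the backup, or on a system the attacker never touched. Verifying against a manifest that sat on the same compromised share proves nothing.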

Frequently asked questions about ransomware

What's the difference between ransomware and computer viruses?

It's a bit like comparing a kidnapper and a vandal. A virus is defined by how it spreads: it copies itself into other files or programs and, classically, damages the system it lands on. Ransomware is defined by what it wants: it has a business model. It encrypts files to make them unusable and demands a ransom in exchange for the decryption key. The two categories can overlap, since some ransomware strains also propagate across a network on their own.

Should I pay a ransom in the event of a ransomware attack?

The trick question! Faced with panic, the temptation to give in to blackmail is great. Yet the experts' unanimous answer is: no, no and no.

Paying the ransom means:

  • Encouraging cybercriminals to continue their dirty business.
  • Risking never receiving the decryption key, or receiving one that does not work (thieves offer no guarantees).
  • Marking yourself as a target that pays, and exposing yourself to future attacks.
  • Exposing yourself to prosecution: in France, financing criminal activities is punishable by up to 5 years' imprisonment and a 375,000 euro fine. That's an expensive click.

Who should I contact in the event of ransomware?

  1. Your IT service provider or a cybersecurity specialist (such as rzilient, for example!).
  2. The cybermalveillance.gouv.fr platform, which will put you in touch with professionals and guide you.
  3. The police or gendarmerie, to file a complaint.

The best solution is prevention. With rzilient, you can choose to protect your business in advance. By delegating the monitoring of your IT assets and the management of your security to us, there's no need to panic. We work to prevent these attacks for you, and if an incident does occur, we're already there to deal with it.