The last few months have been without a doubt the most alarming in terms of cyber security. In the last few weeks, ransomware attacks have multiplied and represent a real danger for health institutions, local authorities and companies (SMEs, SMIs, ETIs).
But first of all: what is ransomware ?
Ransomware, also known as ransomware, crypto-lock software, cryptovirus or crypto-lock virus, is a malicious program whose objective is to obtain payment of a ransom from the victim.
Cybercriminals, lured by the money, try to enter a computer system in order to encrypt your data by means of cryptographic mechanisms so that you can no longer or hardly ever use it. The hacker will then send an unencrypted message to the victim, offering to recover the entire data in exchange for a ransom payment.
The only option is to pay the ransom, but this obvious option is very dangerous and not recommended. Indeed, it is not certain that the data will be recovered and this will further encourage the hacker to repeat the attacks.
What to do when faced with a ransomware attack ?
By the time you discover the attack, it is often already too late. Nevertheless, there are some important things you should know:
- Switch off all your machines
- Notify your IT department or your service provider
- Do not pay the ransom!
- File a complaint with the police
What should be done to prevent the risk of a ransomware attack ?
Several studies show that incidents are due to several security failures such as :
- Insufficient partitioning between different servers ;
- Lack of automated detection of massive encryption ;
- Lack of backup ;
- Lack of staff awareness of good practices to follow ;
Do you have to notify the data breach to your supervisory authority ?
From the moment there is a data breach and there is a risk to the privacy of individuals, notification is necessary. This must be done as soon as possible and at the latest within 72 hours of becoming aware of the breach.