Some are upset by it, others rejoice. The former, those who cannot register the sale of their home or the creation of a business, are desperate; the latter, who fail to pay their parking fines, are smiling. All of them, and the public administration of Baltimore, in the United States, even more so, are paying the price of ransomware, a very widespread type of computer virus whose purpose is simple: to hold its victims to ransom.
The mechanics are simple: a user of an information system – of a computer network, in other words – opens a malicious e-mail, double-clicks its enticing attachment, and lets the evil in. The evil is a program that locks all documents, sometimes all applications, across the network. Users then no longer have access to their usual programs and/or to their data.
In Baltimore, since May 7, this has had one consequence: it is impossible to register any administrative act. At least as long as the city has not agreed to pay what the hackers demand – their demand is displayed on the screens of connected computers: 13 bitcoins, or more than 100,000 euros, to “free” the systems, with the threat of total data loss if the ransom is not paid within ten days, reports the Baltimore Sun.
We won’t talk any more, all we understand is MONEY! Hurry up! Tick tock tick tock tick tock!
The deadline has passed, the data is still at risk, but the ransom has not been paid. So, should one pay? The experts are divided.
Pay, or lose!
For hackers, as for their seafaring counterparts in the past, attacking a business or an administration is more profitable than attacking the average person. It is simply a question of scale. For an organization, the loss of earnings caused by the freezing of activities can justify paying out a good sum so that business resumes.
To the question of whether or not to pay, the answer is simple: if you want to restart the machine quickly, you have to pay the ransom. All the more so since, for the supporters of this option, blackmailers are above all running a business. They have an interest in your paying, so that others do so later. And the best publicity for their business model is that payment is followed by results.
Some even see it as a virtue: by penetrating your systems, hackers have revealed a flaw. Think of the ransom, therefore, as a bounty paid to those who detected the bug. The argument is dubious, but it can help the pill go down.
In recent years, “ransomware” has become one of the most popular practices among those who want to make money easily and quickly.
The IBM X-Force Threat Intelligence Index report states that nearly 70% of ransomed companies have agreed to pay. However, does the ransom guarantee a return to normal?
The CyberEdge group, which advises companies in their marketing strategy, is quite skeptical. A study carried out in 2018 among 1,200 IT security professionals shows that, of ransomware victims, 17.5% paid the ransom without actually recovering their data.
Protect yourself, and go!
Most often, it is the security experts who advise against paying, because they are the first in line to get you out of trouble, or even to help you avoid falling into it. There is no guarantee, because “malware”, these vectors of infection, sometimes comes from where we did not expect it (from the NSA, for example), but also because curiosity (and stupidity) is a matter of human nature (don’t open attachments without thinking!).
The reasons for not paying are legitimate. Starting with the fact that among the companies attacked by ransomware in 2018, almost one in two did not pay and did not lose their data. Which suggests that giving in to the blackmailers is not necessarily the answer.
Today, few companies or institutions have not set up backup systems, often redundant ones. In 2016, the French Ministry of Transport came under attack. Even then, the head of the National Agency for the Security of Information Systems (Anssi), Guillaume Poupard, played down its scope: “It is often in these moments that, as everywhere, we realize that [prevention] was a little neglected. But if the backups were done correctly, in general, it will”, he explained to ZDNet.
Since then, there have been few major cases, such as that of Baltimore, in which no countermeasure has been found. Already, in 2016, answers were found by benevolent developers. This is still the case today, even if, as the computer forum Bleeping Computer points out, “no solution can decrypt the files for free”.
But should we panic?
The 2019 edition of the IBM X-Force report declares the end of ransomware. “It doesn’t pay anymore”, says the security division of Big Blue, which notes that attacks of this kind halved in 2018. An observation that could be clarified: “It doesn’t pay as much as it used to”, or “It pays less than …” In fact, at 7,770 euros for 1 bitcoin, today it is more profitable for hackers to “manufacture” bitcoin than to extort it.
In other words, IBM believes, hijacking computing resources is the most profitable business today, and hackers are not shying away from it. For the victims, it is less painful: most of the time, hackers break into machines to make them work to “mine” bitcoin, to create virtual currency without this activity compromising the functioning of the systems.
And generating bitcoin is almost legal.