The encryption Trojan “Jigsaw” terrorized Windows users in 2016.
The cases of encryption Trojans increased massively in 2021. Specialists warn that SMEs in particular would underestimate the risk. Now an obligation to report is required.
Often a single click on the wrong email paves the way for the encryption Trojan. Then the ransomware penetrates the system, encrypts all data – and often even jumps to connected network and cloud storage.
–
The cyber criminals who do this demand a ransom in order to release the data. On average, the claims according to the British IT security provider Sophos are CHF 156,000. The most common amounts are around 7,300 francs. Sometimes millions are involved.
–
Cyber blackmail cases are increasing significantly in Switzerland. In 2020, the Federal National Center for Cybersecurity received 67 reports. In 2021, as of December 14, there are already 156 reports, as Pascal Lamia, Head of Operational Cybersecurity, says. “The reports have increased significantly.”
–
–
What becomes known is only the tip of the iceberg
What is being reported to the Cyber Security Center is just the tip of the iceberg. “Since there is no general obligation to report cyber incidents in Switzerland,” says Pascal Lamia, “the number of unreported cases should be correspondingly high.”
–
This has called SP National Councilor Edith Graf-Litscher on the scene. In a postulate, it asks what the Federal Council is doing against cyberattacks using encryption Trojans. They have become “one of the greatest cyber threats to our economy and administration”.
–
–
Graf-Litscher wants the Federal Council to examine the obligation to report such attacks. “They shouldn’t take place in a darkroom,” she says. “It is important that we know where to start in order to promote cybersecurity.” At the same time, she wants to know from the Federal Council whether a Memorandum of Understanding (MoU) with the insurance companies is necessary. Such an agreement between the federal government and private insurers is under discussion – because private insurers often pay ransoms. This is confirmed by Jan Mühlethaler, Head of Communication at the Swiss Insurance Association SIA.
–
“The request came from the Center for Cybersecurity,” he says. “Of course, as private insurers, we do not shut ourselves off from such discussions with the authorities.” The aim is “that at best there is no payment of any solution money”. The cornerstones of an agreement are to be discussed by March.
–
Notification would increase cybersecurity
Private insurance companies often shell out at least part of the ransom. At Baloîse, for example, customers can optionally insure blackmail through the cyber product for SMEs with a sub-limit of up to 50,000 francs, as “Netzwoche” wrote.
–
Even more important for the Center for Cybersecurity is a reporting requirement. “With mandatory reporting for critical infrastructures, the risk of cyberattacks could be better assessed,” says Lamia. “The notification requirement could make a significant contribution to increasing cybersecurity in Switzerland.”
–
Encryption Trojans and extortions can affect businesses and individuals alike. “The attackers focus on all vulnerable systems, regardless of whether they are companies, authorities or private individuals,” says Lamia. It is therefore crucial that companies and organizations invest in cybersecurity, emphasizes SP National Councilor Graf-Litscher. “Smaller SMEs in particular have the impression that they are not of interest to cyber criminals. That is a dangerous misjudgment. Nobody can feel safe. “
–
What can blackmail victims do?
What can companies or private individuals do if they actually become victims of blackmail? “The Center for Cybersecurity recommends filing a criminal complaint with the responsible police authority in the event of extortion,” says Pascal Lamia. These would advise the victims on how to proceed, especially when communicating with the perpetrators.
–
If the data is encrypted and there is no backup, the victims should verify whether the key is already known, recommends the Center for Cyber Security. Tips on how to identify the pollutant goods and how to download keys that are already known can be found on the nomoreransom.org website. This is a project between the Dutch police and the European police authority Europol. Switzerland is represented by the Federal Office of Police.
–
However, it is better to prevent ransomware attacks with preventive measures. It is important that a functioning backup concept is in place, emphasizes the Center for Cybersecurity. The medium on which the backup copies are created must always be disconnected from the computer after the backup, i.e. it must be offline. Otherwise, the backup data may also be encrypted in the event of an attack. And thus useless.
—
