News

Swiss Ransomware Theme Day

Together with partners, the Reporting and Analysis Centre for Information Assurance MELANI is organising an awareness day for ransomware today. The participants include organisations from various sectors, software manufacturers, federal offices and a range of Swiss associations and consumer protection organisations. SWITCH and the Swiss Internet Security Alliance (SISA) are supporting the theme day.

Published on 19.05.2016

Ransomware (also known as "ransom Trojans" or "extortion Trojans") is a specific group of malware that is typically spread via harmful email attachments or hacked websites. Once infected, the ransomware encrypts files on the victim's computer and on any network drives (network shares) and storage media (e.g. USB sticks) connected to it. This renders the encrypted files unusable for the victim. If the files on the computer have been encrypted by the ransomware, it will display a "locked screen" to the victim. The message on the screen instructs the victim to pay the attackers a sum of money in a digital currency (e.g. bitcoins) so that they will release the encrypted files and the victim can use them again (extortion). Using a digital currency such as bitcoins makes it more difficult to trace the perpetrators.

However, meeting the attackers' demands and making the requested payment provides no guarantee that the victim will regain access to the encrypted files. Furthermore, a payment finances the attackers' business model, thus enabling them to continue the ransomware attacks and infect and cause damage to other victims.

Ransomware is not a new phenomenon: the first ransomware that locked a victim's computer in return for a ransom appeared in Switzerland as early as 2011. In recent months, however, there has been a huge increase in the number of ransomware victims in Switzerland. It is not just private users that have recently been targeted by ransomware attacks, but increasingly small and medium-sized enterprises (SMEs). While a ransomware attack on private users means they can no longer access their personal data, the effects of such an attack on companies is generally much more serious. Business-critical data such as contracts or client and accounting data are often encrypted and thus rendered unusable. This can quickly result in an emergency situation for the company, which unfortunately often causes it to pay the ransom in order to regain access to its data.

There is another way. Private users and SMEs can protect themselves from ransomware with the following three measures:

3 tips for protecting against ransomware

  1. Make a backup of your data regularly. The backup should be stored offline, i.e. on an external medium such as an external hard disk. You should therefore make sure that the medium where the backup is saved is disconnected from the computer after the backup procedure is complete. Otherwise the data on the backup medium might be encrypted too and rendered unusable in the event of a ransomware attack.
  2. Exercise caution when dealing with emails. Do not open any email attachments that you receive unexpectedly or that come from people unknown to you, and do not click on any links.
  3. Always keep installed software and plug-ins up to date. Make sure that all installed software, apps and browser plug-ins (such as Flash Player, Java) are up to date at all times. Whenever possible, use the software's automatic update function.

Links to further information

About SISA

The Swiss Internet Security Alliance (SISA) is a joint initiative of Switzerland’s major Internet service providers and financial firms, the federal government and other partners with the aim of improving security on the Swiss Internet. Its vision is to make Switzerland the safest country on the Internet.