Together with partners, the Reporting and Analysis Centre for Information Assurance MELANI is organising an awareness day for ransomware today. The participants include organisations from various sectors, software manufacturers, federal offices and a range of Swiss associations and consumer protection organisations. SWITCH and the Swiss Internet Security Alliance (SISA) are supporting the theme day.
Ransomware (also known as "ransom Trojans" or "extortion Trojans") is a specific group of malware that is typically spread via harmful email attachments or hacked websites. Once infected, the ransomware encrypts files on the victim's computer and on any network drives (network shares) and storage media (e.g. USB sticks) connected to it. This renders the encrypted files unusable for the victim. If the files on the computer have been encrypted by the ransomware, it will display a "locked screen" to the victim. The message on the screen instructs the victim to pay the attackers a sum of money in a digital currency (e.g. bitcoins) so that they will release the encrypted files and the victim can use them again (extortion). Using a digital currency such as bitcoins makes it more difficult to trace the perpetrators.
However, meeting the attackers' demands and making the requested payment provides no guarantee that the victim will regain access to the encrypted files. Furthermore, a payment finances the attackers' business model, thus enabling them to continue the ransomware attacks and infect and cause damage to other victims.
Ransomware is not a new phenomenon: the first ransomware that locked a victim's computer in return for a ransom appeared in Switzerland as early as 2011. In recent months, however, there has been a huge increase in the number of ransomware victims in Switzerland. It is not just private users that have recently been targeted by ransomware attacks, but increasingly small and medium-sized enterprises (SMEs). While a ransomware attack on private users means they can no longer access their personal data, the effects of such an attack on companies is generally much more serious. Business-critical data such as contracts or client and accounting data are often encrypted and thus rendered unusable. This can quickly result in an emergency situation for the company, which unfortunately often causes it to pay the ransom in order to regain access to its data.
There is another way. Private users and SMEs can protect themselves from ransomware with the following three measures:
The Swiss Internet Security Alliance (SISA) is a joint initiative of Switzerland’s major Internet service providers and financial firms, the federal government and other partners with the aim of improving security on the Swiss Internet. Its vision is to make Switzerland the safest country on the Internet.