What is ransomware?

Written by Colas Bonvicini, 8 July 2024

Explanation for newcomers:

Composed of “ransom” and “ware”, a suffix taken from the English word “software”, ransomware is malicious software which, once introduced into a computer system, blocks its use and displays a message on screen demanding a ransom in exchange for returning control of a device or a fleet of devices.

This can apply to a single computer, or to a fleet of computers, immobilizing all these devices while you get rid of this malware (malicious software), either by paying the ransom, or by finding the right IT team to get rid of the problem.

In more advanced terms:

In other words, ransomware is a type of malware that encrypts a victim’s files, making the data inaccessible until a ransom is paid for the decryption key.

These attacks can paralyze businesses, hospitals and even critical infrastructures. Ransomware is often propagated via phishing or unpatched software vulnerabilities.

How does ransomware work?

To illustrate the impact of ransomware, let’s consider a simulation where a company is attacked.
For this example, we propose a 5-step process:

  1. Initial infection: an employee opens a phishing e-mail containing a malicious link. When he clicks on it, a ransomware program is discreetly installed on his computer.
  2. Data encryption: the ransomware starts by encrypting the user’s files, then quickly spreads to other machines on the network.
  3. Ransom demand: the user sees an on-screen message demanding a bitcoin ransom to decrypt the files. The company’s critical files are now inaccessible.
  4. Business paralysis: company operations are interrupted, resulting in significant financial losses and reputational damage.
  5. Resolution: the company must choose between paying the ransom (with no guarantee of file recovery) or restoring the data from backups, if they exist and are recent.

Ransomware, one of hackers’ favorite tools

On the podium of the malicious practices most used by hackers to target businesses in 2023 are:

  • account hacking, which accounts for 23.5% of attacks,
  • phishing, which accounts for 21.2% of attacks,
  • ransomware, which accounts for 16.6% of cyberattacks.

Moreover, ransomware is often coupled with the other two cyberattacks on the podium, and 81% of ransomware attacks are carried out by e-mail, according to Altospam.

Why is this type of cyberattack so popular?

Because it can be very profitable,

Of the 46% of companies that suffered damage as a result of a ransomware attack, 67% said their total losses were between $1 million and $10 million, according to a global study on the economic impact of ransomware conducted by Cybereason.

Because it’s relatively easy to set up,

Less experienced cybercriminals can launch attacks by purchasing ransomware kits on the dark web from more experienced cybercriminals, according to a report from Threatdown. This type of model is called Ransomware as a Service (RaaS).

What is Ransomware as a Service (RaaS)?

Hackers develop ransomware attack templates and sell them to affiliates. These affiliates then use them independently to launch ransomware attacks.
It’s a true business model, since the hacker who created RaaS receives a service fee for each ransomware ransom collected by the hackers who use the ransomware he created.

Ransomware in France, in figures and statistics (2023)

The percentage of French organizations hit by ransomware in 2023 was 74%, an increase of 10% compared to 2022, according to the “State of Ransomware” 2024 report, based on a survey conducted by Sophos.

Companies: ransomware is in third place among the cyberattacks most used by hackers in France in 2023, says Cybermalveillance.gouv.fr in its “2023 assessment of cyberattacks against companies.”

Local authorities: ransomware is in second place among the cyberattacks most used by hackers in France in 2023, says Cybermalveillance.gouv.fr in its “2023 assessment of cyberattacks against businesses.”

The total number of ransomware attacks reported to ANSSI is 30% higher than over the same period in 2022, according to the “Panorama de la cybermenace 2023” report conducted by CERT-FR (Centre gouvernemental de veille, d’alerte et de réponse aux attaques informatiques).

France is the 6th most affected country in the world by ransomware attacks in 2023, and the 3rd most affected European country behind Germany and Italy, according to SOSransomware via its “ransomware attacks 2023 assessment” (this ranking does not take into account the UK’s position).

Of the 28% of companies that paid a ransom in 2022, 80% were hit again, according to a study by Cybereason among a panel of companies surveyed.

Ransomware worldwide in figures and statistics (2023)

In 2023, 1 in 10 organizations worldwide were affected by attempted ransomware attacks, an increase of 33% on the previous year, according to CheckPoint’s 2023 research.

The sectors most affected by ransomware attacks in 2023 were, according to CheckPoint’s study:

  • education/research, with 22% of organizations suffering this type of attack,
  • followed by the government/military for 16% of targeted organizations,
  • healthcare, with 12% of organizations targeted.

In 2023, a 55.5% increase in the number of victims per ransomware attack was recorded compared to the previous year, states Cyberint in its report on ransomware trends in 2023.

In 2023, ransomware payments reached $1.1 billion, according to a study of ransomware in 2024 conducted by Chainalysis.

By 2031, ransomware will cost victims $265 billion a year and attack a business, consumer or device every 2 seconds, according to forecasts by Cybersecurity Ventures.
