Ransomware: How to deal with hackers?
They attack networks and systems and ask you to pay in order to recover everything they locked inside “the vault”. But, the last experts who deliver the “check” is the option
“In medieval times, in castles, invaders looked for the place where mice entered to find holes and attack. Hackers do the same. They look for holes.” And those are often easy to find. The growing spread of ransomware (expert experts who don’t have an advertising boost) is proof of this. Solutions in ransom networks and various ransom systems are allowed hackers to enter, encrypt, destroy, bar access and demand all reports as companies.
Porfírio Trincheiras, cybersecurity specialist at AtelierLógico, explains to CNN Portugal that, after covid-19, “what was already a path of digitization is now a path of accelerated digitization”: “society transits to the internet”.
“In ransomware it’s exactly the thing, only it’s not people, it’s data growing. download for the digital society”, he says.
Digital society that often gets in the way without knowing how. The systems tables, in the time of covid, have multiplied. There are more and more people online, working from home, often on computers shared by the whole family and who, unknowingly, end up giving hackers a door to enter employers.
“If I work on a computer shared by someone, that computer where my son plays on more or less gaming sites, and then he connects through the VPN to the computer that was on the company’s server, there is a problem”, says one of the experts. with whom CNN Portugal spoke and who requested anonymity.
What is the motivation? Money
Porfírio Trincheiras is clear when the question is the motivation of those who carry out these attacks: “or who have helped us fight in recent years is that the attacks are mainly Ransomware, something that did not exist in the past”.
“Most of the attacks are financial attempts aimed at a ransom. In other words, there is an incentive to attack a computer, and this naturally causes a greater intention to carry it out”.
But, how are attacks normally processed? And how do you make money from them? If you depend on the cybersecurity experts contacted by CNN Portugal, you cannot
“After getting an entry, the data is encrypted, with a key, that only the attacker has and that only to return a change of money, normally paid in the form of cryptocurrencies and, above all, in cryptocurrencies that are not possible to follow. (…) I never paid or even tried to contact [the hackers]”, guarantees Trincheiras.
3 Without paying, paying, not paying.
Why? “For two reasons. 60% in the world. They pay and don’t keep the data or they can’t prevent it from being disclosed. Second factor: if I paid, there are already indications that the attackers who ransom value don’t attack and ask for ransom, since who are trying to finance this activity insurance. to be able to go, more than maybe not”.
And now?
But if we don’t pay, how are we going to get our data back? Professor António Pinto from the Escola Superior de Tecnologia e Gestão of the Polytechnic Institute of Porto explains that “we need to resort to backups and have time”.
“There is no quick solution, whether you pay or not”, he says in an interview with CNN Portugal, adding that to be able to back up the system, it is necessary to have protected backups outside the network that was attacked and, to have the system replaced, it is also necessary to have a “safe” server where this backup can be restored.
Porfírio Trincheiras even says that this is “one of the most common mistakes of our companies: the system coexists in the same network”.
An expert contacted by CNN Portugal, who requested anonymity, says that “resetting is not enough”. In addition to the backup, it is also necessary to ensure that the “servers are sanitized” before doing anything.
“It is very important before people make a backup copy, that is, a copy of the places that are being ‘infected’. And at the same time, only after making this copy can the replacement process begin”, the expert explains, further saying that only “it replaces what is essential, the essential minimum if discovering where the things that are happening are happening in order to correct the vulnerability”.
Also because it is important to “realize that there is no other type of spyware or ransomware on the networks” that will not leave the company in the hands of hackers in the future.
“Non-intellectual is uncommon as it is unusual in the type of attack, poorly resolved by other types of attacks, and as the fraud entry point is not considered fraud for a later identity or finance attack.”
Is recovering systems without paying possible?
In general, yes. And the experts in contact with CNN Portugal guarantee that they are protected that are protected by companies that are thus protected and protected by the “castle”.
António Miguel Ferreira, Managing Director of Claranet, says that requests for help usually arrive “in a matter of a few”, and that availability has to be “for immediate intervention”. Once the alert has been launched, it’s time to get down to work to get everything back up and running.
“We focus on recovering resources, applications, planned applications and getting back to our operational-focus. That being present in the company and in the processes of each one and our role is to give that support and competent skills”.
Contacting hackers is not an option for anyone working in this area because, as we have already said, this is not a guarantee that the attack will cease and data will be restored.
“Our focus can be developed for the trading systems, through exclusive and non-trading resources. Recovery is possible, too much risk.”
AtelierLógico’s cybersecurity specialist also says that recovering backups is the method chosen by him, even if it takes time and requires controlling steps.
“Always paid not even contact. and passwords and we immediately blocked the accounts and reactivated them as people appeared again. [The problem is that] Don’t know if you’ll get it back. Attempting to contact to dare the key can lead to being caught. When he finds out how to pay, or travels anonymously on the internet, he never sees him again and most likely he doesn’t have the key”, reiterates Porfírio Trincheiras.
Ransomware/Cybersecurity Dictionary
What is a ransomware attack?
Ransomware is a type of attack that encrypts the data the user has access to with a key. At the beginning of the process, the key capable of reversing the encryption is sent to the attacker, and only he can reverse the process.
How is it processed?
The first step consists of gaining access to the computer or, more usually, the computer network of the target entity. This access normally happens in one of two ways. The first is by exploiting a security flaw in the attacked entity’s servers that are exposed to the internet (web server, mail server or any other). The second, which is the most common, is social engineering: a network user is tricked into activating malicious software, either via a deceptive mail attachment, a link to an infected website or some other process.
How does it propagate?
Once a computer is infected, the process of encrypting the computer’s files begins, while this user’s access is used to enter other computers from that computer.
How to identify if you are infected?
Usually the infection is identified by the presence of files with a different extension from the original, for example .doc.
How is the ransom requested?
In traditional ransomware cases, a file is usually left on the victim’s computer with a ransom note.
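The two indicators described in the dictionary above (files whose extension differs from the original, and a ransom note left on the machine) can be checked over a file listing. The following is an added example, not part of the original article; the file names, the `.locked9` extension, the note name, the list of known extensions and the threshold of three are all constructed assumptions, and it covers only the case where a new extension is appended to the original one.

```python
import posixpath
from collections import Counter, defaultdict

# Extensions of ordinary user documents (assumed list for this example).
KNOWN_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

# Constructed sample listing, e.g. the output of a recursive directory walk.
SAMPLE_LISTING = [
    "/srv/share/finance/budget.xls.locked9",
    "/srv/share/finance/READ_ME_NOW.txt",
    "/srv/share/hr/contract.doc.locked9",
    "/srv/share/hr/READ_ME_NOW.txt",
    "/srv/share/hr/photo.jpg",
    "/srv/share/it/notes.txt",
    "/srv/share/it/diagram.pdf.locked9",
    "/srv/share/it/READ_ME_NOW.txt",
    "/srv/share/it/archive.tar.gz",   # benign double extension, must not be flagged
]

def triage(paths, min_hits=3):
    """Return (suspect_extensions, repeated_file_names) for a file listing.

    suspect_extensions: unknown extensions appended to a known document
    extension at least min_hits times (mass renaming after encryption).
    repeated_file_names: identical names found in at least min_hits
    directories (how a dropped ransom note typically looks).
    """
    appended = Counter()
    name_dirs = defaultdict(set)
    for path in paths:
        directory, name = posixpath.split(path)
        name = name.lower()
        stem, ext = posixpath.splitext(name)
        inner = posixpath.splitext(stem)[1]   # extension hidden under the last one
        if ext and ext not in KNOWN_EXTS and inner in KNOWN_EXTS:
            appended[ext] += 1
        name_dirs[name].add(directory)
    suspect = {e: n for e, n in appended.items() if n >= min_hits}
    repeated = sorted(n for n, d in name_dirs.items() if len(d) >= min_hits)
    return suspect, repeated

if __name__ == "__main__":
    exts, notes = triage(SAMPLE_LISTING)
    print("suspect extensions:", exts)
    print("possible ransom notes:", notes)
```

A hit on both indicators at once is a reason to isolate the machine and take the copy of the affected systems that the experts describe before any restore begins.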