When you are the victim of a cyber attack, the first thing to do is discover as a step and put the necessary measures to prevent it from happening again. A process not done by one of the companies that consulted with the UK’s National Cyber ​​Security Center after paying the millionaire ransom of a ransomware and fall victim to the same attacker weeks later.

The threat of ransomware grew in recent years and society is more aware of the damage that can occur after incidents starring WannaCry and NotPetya, in 2017. Since then, the techniques of this type of attack have changed, but not its impact, as explained by the National Cyber ​​Security Center in a publication.

“In essence, ransomware is a financial transaction”, they point from the NCSC. That is, the malware that infects a computer encrypts it and hijacks the data, and so that the victims can recover it, asks for a payment in return, generally in cryptocurrencies, as happened to the National Directorate of Migration last year.

Cyber ​​attackers often exploit a worm exploit, but these types of vulnerabilities are currently “rare” in business environments, according to the NCSC. “Most of the enterprise ‘ransomware’ incidents we see today use more traditional network intrusion methods, with the attacker spending days (if not weeks) inside the network, before finally implementing the ransomware right where you think it will have the greatest impact. “

WannaCry was one of the most famous ransomwares. Photo Bloomberg

And the victims, as soon as they discover the situation, they want to “get your data back and ensure your business can get back to business.” However, they warn from the NCSC, the payment may not solve anything. “The real problem is that ‘ransomware’ is often just a visible symptom of a more serious network intrusion that may have persisted for days, and possibly longer,” they say.

For them, from this Cybersecurity Center, the first thing They ask customers how the ransomware got there, to identify the cause and secure the network. Precisely what the company he cites as an example did not do, although without revealing his name: after paying a 6.5 million pound ransom, he was once again the victim of a ‘ransomware’ executed by the same cyber attacker “less than two weeks later”.

What is ransomware and how does it work

Attacks that ask for money in return, increasingly common. Photo EFE

Due to the coronavirus pandemic, the first half of 2020 was marked in the tech world by the intensification of an old acquaintance: ransomware, an attack that allows hackers to access our personal information through a program that is installed in our phone, PC or laptop. And that, without realizing it, we often install it ourselves.

His name is a acronym for “data rescue program”: ransom in English means ransom, and ware is a shortening of the well-known word software: a data hijacking program. Ransomware is a subtype of malware, an acronym for “malicious program” (Malicious Software).

However, this type of virus works by restricting access to parts of our personal information, or all of it. And generally, hackers exploit this to ask for something in return: money.

While some simple ransomware can lock down the system in a simple way, the more advanced ones use a technique called “cryptovirus” extortion, in which the victim’s files are encrypted, rendering them completely inaccessible.

After all, ransomware exploits its victims’ emotional vulnerabilities.

