¿What are "ransomware" used by hackers?

What is 'ransomware'?

'Ransomware' is malicious software that encrypts computer files and forces users to pay a sum of money, often in the form of a virtual currency, to recover their use.

These devices are used on computers as well as on tablets and smartphones. These affect "both individuals and companies and institutions," Amar Zendik, CEO of security company Mind Technologies, told AFP.

How do they work?

Hackers generally take control of computers taking advantage of internet glitches. This can happen because the victim queries an already infected web page or opens an e-mail that invites you to click on a link or download an attachment.

In a few seconds, the program can be deployed. "When installed, it has no viral load and can not be detected," Laurent Maréchal, a cybersecurity expert at McAfee, told AFP. It is only later, when "download the payload, ie the viral load," he adds.

The computer is then encrypted and locked. "In most cases, the user must send an SMS," of course payment, "to obtain an unlock code," details Maréchal, who states that infection, in some complex cases, can spread "without human intervention ".

Is it frequent use?

Yes. The phenomenon is increasing. According to Kapersky Lab's security program editor, 62 new "ransomwares" families were detected last year. And according to McAfee, the number of "samples" detected increased by 88% in 2016, to reach four million.

The origin of this success lies in the investment returns that these programs entail and which pirates consider high.

"Pirates often ask for small amounts. But accumulated they reach large sums ", explains Amar Zendki, who specifies that they are" easy to execute and very profitable ".

An opinion shared by Maréchal, who remembers that "ransomware" are "easy to get". "In the 'darkweb' (dark area of ​​the internet, not indexed in the classic search engines), individuals can buy ransomware ready to use, sometimes for only $ 150," he insists.

What do we know about Tuesday's attack?

The global cyber-attack uses a new type of virus, never seen before, said Russian cybersecurity company Kaspersky Labs.

"Our preliminary analysis suggests that it is not a variant of 'ransomware' Petya, as previously suggested, but a new ransomware, which has never been seen to date. That is why we have nicknamed it NotPetya, "the Russian company said in its statement.

Cyberattack was first detected in Russia and Ukraine, where radiation monitoring systems at the sinister Chernobyl nuclear power plant were affected. Airports, banks and even the Russian oil giant Rosneft were hit.

In a few hours, cyberattack began to spread worldwide, affecting other global companies, such as the Danish shipping carrier Maersk, the British advertising group WPP, the French Saint-Gobain and the US pharmaceutical laboratory Merck.

How to protect yourself from such an operation?

Several simple rules can be followed to reduce the risks of infection, both for this cyberattack and for the ransomware set. Among them, to make frequent updates of the security programs, that allow to correct the faults exploited by the virus.

In case of an incident, the authorities also advise to disconnect the infected equipment immediately from the network in order to isolate them. In case a virus affects a company or an institution, it is advisable to alert as soon as possible to those responsible for computer science.

Both the authorities and the program editors also expressly recommend that businesses and individuals not pay for the ransom. "This does not guarantee that data access will be restored," the US Department of Homeland Security warned in a statement. AFP.