Companies and private individuals are of interest to cyber extortionists
Again and again, cybercriminals gain access to computers, encrypt data and backups and demand a ransom. This "business model" is so lucrative that it is even offered as a service on the darknet.
In addition to private computers, on which, for example, photos are stored, it is above all company networks with sensitive and sometimes secret company data that cyber blackmailers are targeting. All this, according to the criminals, will be irretrievably lost if no ransom is paid. But how does such an attack work?
Security vulnerabilities are exploited
In order to gain access to a computer or network, the hackers exploit various vulnerabilities. These can be personalized phishing e-mails (i.e. e-mails with a fake attachment or link, see below), or the attackers directly try to crack the access data of a computer connected to the Internet.
Once the cybercriminals have managed to do this, they begin to explore the network and switch from computer to computer. Their goal is to become an administrator of the system and to establish themselves in it.
In the third phase of the attack, the backups are first destroyed or encrypted, sensitive data is stolen and all accessible data on the servers and clients is encrypted. Now the ransom is demanded. The key to restore the data is offered for purchase, and at the same time the attackers threaten to publish or resell the stolen data if the ransom is not paid. Companies must call in the Federal Criminal Police Office at this point. They are threatened not only with data loss, but also with great damage to their image and financial consequences due to the publication of the data.
Security that doesn’t hurt isn’t safe
Unfortunately, effective protection is uncomfortable for the user at first. But you quickly get used to additional steps or new approaches.
Easy-to-crack passwords are e.g. names, words from the dictionary or dates of birth. Reliable protection, on the other hand, is provided by using a password manager that generates and stores complex passwords. All you have to do is remember the password for the manager.
Multi-factor authentication, in which you have to identify yourself by means of further proof of identity (e.g. a PIN sent to your mobile phone via SMS) in addition to your username and password, also offers additional protection against spying on the password.
Beware of e-mails from unknown senders! File attachments can contain malware that allows cybercriminals to gain system access. One sign is, for example, an unusually long loading time. If in doubt, it is better to deactivate the Internet connection and pull the network cable to protect computers in the network that are not yet affected.
Regular backups are good, but they are of little use if they have also been encrypted or destroyed. Therefore, it is advisable to regularly back up to external storage devices, from which the data can then be restored to the cleaned system in an emergency.
And, of course, you should always keep anti-virus programs up to date and install software updates and security patches immediately to close security gaps.