Editorial N°14 – Ransomware

Among the family of malware available, ranswomware has become a major focus in recent years. The speed at with  ransomware are conceived, is proof of their attraction. In this way, hackers directly attack the most sensitive data of individuals and companies to naturally pushing them to pay the ransom in the hope of recovering them. Such an upsurge of ransomware naturally raises the question of protection and awareness among the various actors. Unfortunately, too few employees or individuals are aware of the means of contamination of ransom software. This lack of understanding mechanically increases the risk of infection. In the world of IT security, where the weakest link is often the human misinformed.

The Internet of Things is no longer spared by ransom software. At the Defcon 2016, researchers had hacked into a connected thermostat. In 2018, smart TVs were targeted. Thus, it will not be surprising that more and more objects of everyday life will be unusable by these malware. It will then remain for their owners to pay the ransom if they want to use it again. This new aspect of crime shows the intertwining of the digital world with the physical, an intertwining that raises serious questions about the validity of certain innovations and the means implemented to secure them. Simultaneously, the recent use of compromised networks of infected smart devices to conduct DDoS attacks testifies the development of the cybercrime.

Recently, the Emotet botnet has made its comeback in Europe. First discovered in 2014, this botnet was spotted on September 16 in a campaign that involved hundreds of thousands of emails targeted mainly at organizations in Austria, Switzerland, Germany, Spain, the United Kingdom, Italy, Poland and the United States. Originally identified as a bank Trojan malware, Emotet has evolved and recently changed classification, highlighting the speed with which cybercriminals are adapting their tools and techniques to continue to reach their targets.

For several months, we have recalled at many times that it is important that the actors involved in the design and maintenance of the elements of smart devices consult each other on the establishment of security standards, and that everyone makes firm commitments on the implementation of concrete measures.