Ransomware growing in Switzerland

At least 600 cases of ransomware – blackmail using infected computer software – are reported every week by businesses and individuals in Switzerland, reports La Liberte.

Ransomware works by malicious software code making its way onto a computer or corporate network through an infected email attachment or USB drive, encrypting the data followed by demands to pay to get the data decrypted again.

The 600 cases have been reported every week since the beginning of 2016. The Swiss federal Reporting and Analysis Centre for Information Assurance (MELANI) does not release official statistics on the number of cases – due to the large number of ransomware incidents that are not reported – but has also noted a significant increase this year.

The ransom demanded ranges between CHF 400 and 2,000, modest amounts in order to increase the likelihood of the victim paying up. However, for large businesses demands for several hundred thousand francs have also been reported.

How ransomware works

Hackers generally send an email containing an infected attachment or link to an infected website, which then installs a piece of malware – malevolent software – on the computer.

Users are faced with an error message that completely blocks access to their data as it has been encrypted by the malware. The hacker then asks for the ransom before delivering the decryption key, which will again allow access to the data.

The cost of paying the ransom is often lower than losing both the data and the time spent.

It is discouraged to pay the ransom as there are no guarantees that the decryption key will be sent or work, as well as funding the hacker’s continued exploits.

Past experiences

In February 2016 ransomware infected a hospital in Los Angeles, encrypting all the patient data, The Washington Post reported. To decrypt the data, the hackers were paid $17,000.

In French-speaking Switzerland, La Liberte reports the story of a large investment house that paid tens of thousands of francs three months ago to be able to continue doing business.

In 2015 the personal details of 30,000 customers of the Swiss Geneva Bank (BCGE) were published on the internet after the bank refused to pay a $12,000 ransom.

How to prevent ransomware

• Back up your data regularly so that you can simply restore the data.
• Keep your software up to date to ensure the latest security patches are installed.
• Be careful of suspicious emails received unexpectedly or from unknown senders. Don’t follow the instructions, don’t click the links and don’t open the attachments.
• Keep your virus protection up to date and invest in enterprise-grade anti-virus software.
• Make sure an enterprise-grade firewall is installed and properly managed.
• Block dangerous email attachments at network level.

What to do if it happens to you

1. Immediately disconnect your computer from the network and/or call your IT provider
2. Do not pay the ransom.
3. Erase all data on the computer and re-install the operating system before restoring your data from your backup.
4. Report the incident to the police.