How does the malicious program that has paralyzed SEPE services work?

The message on the SEPE website.

The computer system of the State Public Employment Service (SEPE) has suffered a 'ransomware' attack, a form of extortion carried out through 'malware' (a malicious program) that gets into company equipment: computers, laptops and mobile devices.

This type of software is characterized by entering a target's networks, in this case those of SEPE, and encrypting (disabling) the computers in order to demand a ransom, cybersecurity expert José Rosell, managing partner of the company S2 Grupo, explained to Efe.

"Its main objective is money and what is behind it are mainly mafia groups", stressed Rosell, who reported that the means by which the virus was introduced is still unknown.

Usually, this type of "bug" enters either through a malicious email that has an attachment or through a link (URL) that connects to a "website already prepared to infect whoever visits it".

The end goal is to encrypt, that is, render computers useless, so that if the company wants to recover the contents of the computer and return to work, it has to pay a ransom.

"But the first thing to say is that ransoms, which normally do not become public, cannot be paid; it is a crime", insisted this expert, who added that an attack of this type can be difficult to resolve. Although the extent of the impact is not yet known, resolving it may even take days, depending on its magnitude.

The employment service website states that, for reasons beyond SEPE's control, the website and the electronic office are not operational. "We are working to restore service as soon as possible."

Furthermore, the incident is already being investigated by the National Intelligence Center (CNI), agency sources have confirmed to Efe.

On its website, the National Cybersecurity Institute (Incibe) explains that this type of malicious software "hijacks" company information, generally preventing access to it by encrypting it, and demands a ransom in exchange for its release.

It usually causes temporary or permanent loss of information, disrupts normal activity, and causes financial loss and reputational damage.

This type of attack is growing exponentially because it is very profitable for criminals, among other things because there are more and more "hijackable" devices, Incibe adds.

Rosell agreed: "They are not the most dangerous, but they are the most common incidents."

As for why the attack on SEPE occurred, the expert summarized: it is due to the digitization of the world. "While we are talking about digital transformation, in parallel, a little behind, is cybersecurity. Without cybersecurity there can be no digital transformation," said Rosell, who considers that much more should be invested in raising awareness.

This type of 'ransomware' gets in by using and deceiving people, who click on an email or a link.

As for the specific type of 'ransomware', this expert said that it initially looks like one called "Ryuk", although there is still not enough information about it.

