They affect all kinds of organizations, from SMEs to hospitals in the midst of the Covid-19 epidemic, as well as large groups and local communities. Ransomware has become the most serious computer threat facing businesses and institutions today.
According to CrowdStrike, France is now the third most affected country in the world, after India and Australia, by this type of attack, which consists of remotely installing software on a computer to make its data unreadable and then demanding a ransom to restore it.
But for several months, voices, and not the least among them, have been rising to denounce the attitude of the victims, arguing that they bear their share of responsibility for the rise of a phenomenon that has become an infernal machine.
“Today, France is one of the countries under attack from ransomware. Why? Because we pay the ransoms too easily!”, declared Johanna Brousse, vice-prosecutor in charge of cybersecurity cases at the Paris prosecutor’s office, during a hearing in the Senate on April 15.
From a few hundred euros to a few million
According to Wavestone, 20% of ransom demands received by French multinationals are settled. The matter is complex, however: if companies end up paying, it is because they judge that it is, at present, their best defense…
Demanded in cryptocurrency, these ransoms range from a few hundred euros to a few million and, each time, pose a dilemma of conscience for business leaders. If they pay, they can hope to recover, decrypted, the data made unreadable by the ransomware and quickly pull the company out of paralysis.
“For an SME boss, paying is a non-choice since every day lost is a day of unemployment for his employees”, explains Erwan Brouder, head of the audit firm BSSI. However, it is not uncommon for the cybercriminal to pocket the money without returning the data…
An unhealthy system
Companies are not the only ones responsible. Many today point the finger at the role of insurers, including Guillaume Poupard, CEO of Anssi, who recently denounced the “cloudy game” that pushes the victim to pay the ransom. The insurer prefers this to reimbursing the much more expensive damage caused by data loss…
Insurance companies sometimes even make use of ransom negotiators: “somewhat gray intermediaries”, according to Guillaume Poupard, whom “we must hunt” because “they make a business of paying ransoms and will sometimes be remunerated on their ability to negotiate lower ransoms”. “It’s extremely unhealthy!”
“There are many insurers, rather Anglo-Saxon, who give a guarantee of payment of ransoms, but some French insurers have also spoken out against payment”, specifies Philippe Cotelle, president of the cyber commission of the Association for the management of risks and insurance of the company.
In France, no legal framework prohibits paying ransoms in cyberattacks. “The recommendation of the public authorities is not to pay, but it is not written in the law”, underlines Garance Mathias, a lawyer specializing in computer security. And a victim’s complaint remains admissible even if the victim has complied with the attacker’s request.
Cracking down on ransom payers
In the United States, the victims are now also condemned. “They are starting to treat the attacker and the payer in the same way”, notes Garance Mathias, with reference to a note from the Treasury Department dated October 2020. This document formally discourages American companies from paying the ransom, recalling that they face charges of funding activities that threaten national security.
Between 2019 and 2020, the number of referrals to the Paris prosecutor’s office for cryptocurrency ransom events increased by 543%. The perpetrators of these attacks, which use software that can cripple business activity, often threaten to post sensitive data on the internet. This surge in attacks is not about to stop, as an article on the Echos website explains: “Cyberattacks by ransomware are exploding in France”.
It is not certain that banning ransomware payments is a solution either. According to Gérome Billois, at Wavestone, “In the vast majority of cases, paying does not speed up recovery. But it makes sense when the survival of the business is at stake or when entering into a ransom negotiation allows investigators to trace the criminals.”