Cyber attack: victimized business leaders tell the nightmare

This SME boss would never have imagined paying a ransom in bitcoins to criminals hiding behind a computer screen. A few hours after noticing that a cyber attack had completely paralyzed a small subsidiary of his logistics company, he nevertheless created an account on a dark web site.

His usual search engine queries could not have got him there. But he followed the instructions of a criminal group calling itself Sodinokibi. After a few exchanges of messages – “like on WhatsApp” – the hackers asked him for $300,000 in cryptocurrency to unlock his subsidiary, an amount equivalent to one third of the target’s annual turnover.

The boss has a knife to his throat. Since early on the morning of January 27, 2020, all files stored on the entity’s network have been unreadable. A virus – ransomware – has renamed and locked them. Its employees can no longer access their e-mails, their contact books or their accounting spreadsheets. Unless he gives in to blackmail. “The other option would have been to reconstruct a year of data,” he says, “but it’s a titanic job.”

Like a “customer service” desk

This professional based in the South-East of France wishes to remain anonymous, but remembers precisely the hours that followed. “The attackers answered us very politely, in English which did not appear to be their mother tongue. Between messages, twenty minutes could pass, sometimes several hours, as if our interlocutors worked in a customer service department that had work to do,” he explains.

The discussions, conducted with the help of cyber risk specialists appointed by his insurer, which was contacted urgently, last more than a week. The criminals end up lowering the ransom amount. “At one point the insurance said: okay, we pay.”


Then comes the matter of obtaining bitcoins and following the criminals’ payment instructions. The money leaves without the company knowing where it goes. The company then receives software, which it runs. “In a few minutes, we find our files in good shape and everything else disappears,” recalls the boss.

Despite its happy ending, the cyberattack left the boss bitter. “The insurance premiums that I have honored for years have saved the business,” he says. However, the idea “that one is satisfied to pool funds to pay criminals makes me sick,” confesses the head of the company.

He is far from alone in facing this dilemma. Year after year, organized criminal gangs calling themselves DarkSide, REvil (alias Sodinokibi), Clop or Conti strike organizations of every kind and size: large groups and SMEs, ministries and town halls, medical offices and even hospitals in the midst of a health crisis are not spared by their large-scale extortion campaigns.

Explosion of attacks

Between 2019 and 2020, the National Information Systems Security Agency (Anssi) noted a quadrupling, to 192, in the number of ransomware attacks on the large administrations and CAC 40 companies that it protects.

And observers are convinced that – under the radar – thousands of smaller companies are victims each year. Without being directly assisted by Anssi, they can rely on technology professionals such as Orange Cyberdefense, Atos or Wavestone or on experts working for insurers such as Stelliant.

The extent of the cyber threat to mid-sized companies and SMEs is all the more difficult to quantify because complaints are not filed systematically and testimonies are rare.

Olivier Piquet, the general manager of the French fine lingerie group Lise Charmel, is one of those who have decided to break the silence. “It’s better to talk about cyber attacks, it’s the only thing that kills you in 24 hours,” he says.

The boss speaks from experience. Almost two years after being targeted by hackers, his company has still not regained its 2018 level of activity, even though that year was itself marked by the “yellow vests” movement.

“Much harder than the Covid”

The Covid crisis and the lockdowns of 2020 and 2021 played their part, of course. But “the cyber attack was for us something much harder than Covid,” insists Olivier Piquet. “In the morning you get up and your company is dead.”

For Lise Charmel, that morning was November 8, 2019. Olivier Piquet receives a call from his IT manager, herself alerted by an employee who was unable to work. At that point, “you just know you have 1,000 people shut down,” he recalls. The servers of the Lyon company are disconnected, but “in three hours during the night, 98% of our machines had been encrypted”.

The entrepreneur decides not to pay the requested ransom. The experts consulted explain to him that paying the requested sum will not necessarily solve his problem. “Nothing tells you that there is not a second bomb in your networks set for two weeks from now,” summarizes Olivier Piquet. The company, supported by Orange Cyberdefense, chooses to reset its entire computer system and relaunch the business using its backed-up data, including data stored on analog tape.

Receivership

Simple to summarize, the operation is in practice a headache. “Without counting the service providers, ten people worked night and day, weekends included, for 1 month,” assures Olivier Piquet. IT equipment has to be brought back from employees abroad, physical inventories redone, and so on. During this time, it is impossible to collect payment from customers as usual, to deliver to them, or to order the raw materials needed to prepare properly for the next season.

The business restarts only slowly. As a result, the end-of-year celebrations and Valentine’s Day are “missed”, even though these are key events for the manufacturer, which had generated a turnover of 60 million euros in 2018. The group recovered all of its operational resources in September 2020, ten months after the shock.

In the meantime, the company opted for receivership, four months after the attack. It was a way to gain breathing room, especially with regard to the banks. Even if this legal protection measure, associated with the collapse of a company, adds another layer of stigma, Olivier Piquet is pleased to have had recourse to it.

Ransom payments in question

It allowed the company to restructure its debt and review its organization, but also to score points in the battle between him and his insurer over compensation for the damage suffered. The conflict is not resolved. And Lise Charmel can at least draw on “cyber” insurance.

Only 8% of mid-sized companies could say the same in 2020, according to a survey published this year by Amrae, the French association of corporate “risk managers”. SMEs may be even less well equipped, whereas 87% of large companies have this type of cover.

However, insurance can cushion the shock of cyber attacks by covering the operating losses caused. Bercy has promised an action plan on the subject by early 2022. Because faced with the surge in the cost of attacks, insurers tend to increase their prices and be more cautious. They also warn against “systemic” attacks, impossible to cover because they are far too destructive.

False good idea

The authorities are, however, being watched closely on the issue of ransoms. According to the consultancy firm Wavestone, 20% of the large groups attacked end up paying, including sums of up to millions of euros. Insurers may offer to cover this payment. But the practice is criticized, in particular by Anssi, which considers that it sustains cybercrime.

Cybercriminals “now target the files of insurers to then attack their customers and thus have increased guarantees of payment”, writes Guillaume Poupard, the head of the agency, in a report by the LREM deputy Valéria Faure-Muntian. She does not hesitate to stir things up by recommending a ban on the payment of ransoms by companies and on their coverage by insurers.

A false good idea, however, argue insurers and brokers. What is at stake, they argue, is often the survival of a company and the fate of many employees. For them, a ban imposed at the level of a single country would be useless against cybercriminals operating across borders.

On the other hand, the experts are unanimous that the level of security of French companies needs to be raised, by relying heavily on prevention. Very often, attacks thrive on common and basic errors that could be avoided. At Lise Charmel, for example, hackers succeeded in getting a foot in the door when an employee checked his personal e-mail account and opened a corrupted e-mail.

“No system is inviolable”

At Pullin, too, the attack started with a blunder. This southwestern SME, which sells men’s clothing, was the victim of a cyberattack this summer which paralyzed its headquarters for a few days. “My former IT manager had not replaced some passwords. To have access to the server, the password was Admin,” remembers its boss, Emmanuel Loheac.

Fortunately for the company, the stores were able to keep running. The company, which decided not to pay the requested ransom, was able to count on backups to get back on its feet. However, “no system is inviolable”, considers the boss.

This feeling is shared. At XXII, a start-up specializing in video surveillance and artificial intelligence, the virus, encountered this summer, was quickly neutralized. But the feeling of insecurity remained. “When I see that the big players in cybersecurity could not help us, I tell myself that it is impossible to be up to date,” laments its boss, William Eldin.

More lucrative than drug trafficking

The apparent impunity of criminals also raises questions. The entrepreneurs we interviewed don’t expect law enforcement to stop criminals who have attacked their businesses.

In fact, cybercriminals most often operate outside French territory and international cooperation does not work well. When a network is dismantled by international police, others take its place. Globally, cybercrime earns more money than drug trafficking, experts point out.

Alerted by the rise of this threat, the State has promised a plan of one billion euros by 2025 to strengthen the security of companies and train experts in cyber defense. The National Gendarmerie has this year set up a “cyberspace command” bringing together 7,000 cyber investigators, with the aim of increasing to 10,000 next year, its commander Marc Boget recently declared.

“Very enlightening” gendarmes

Enough, perhaps, to console Olivier Piquet, for whom the gendarmes “were very enlightening on what happened” but did not have enough resources to help him when the cyberattack occurred.

“I lodged a complaint, but in the end, we paid a criminal to stop bothering us,” said the business leader from South-East France who paid a ransom. He laments: “I didn’t really feel a struggle.”
