What do the town hall of Mitry-Mory (Seine-et-Marne), the industrial giant Bouygues Construction based in Guyancourt (Yvelines), the Parisian law firm Puzzle, the glass manufacturer Essilor based in Charenton (Val -de-Marne)?
All these entities have been victims of hacking and a ransom demand in recent months: ransomware or "ransomware" in English.
And the phenomenon strikes even the highest authorities of French justice.
The Paris prosecutor, Rémy Heitz, but also Parisian magistrates or lawyers in charge of sensitive cases were victims of a cyberattack, as revealed by the Journal du Dimanche.
No one escapes the risk of a well-crafted cyberattack: intrusion into the computer system, theft and encryption of data and finally attempted extortion with a ransom payable in Bitcoin or another virtual currency.
This year's new “fad” is forcing companies to pay, not just to recover their files but also to prevent data from being made public or sold off on hacker forums.
Half of French companies say they have been affected in recent months
“This wave is global and constantly increasing,” explains Jean Bayon de La Tour, cyber manager for Europe, at Marsh (leader in IT security insurance brokers), based in Puteaux (Hauts-de-Seine).
Since the start of the year alone, Anssi (National Information Systems Security Agency) has had to intervene 104 times to help important companies or affected communities.
Against barely 54 attacks recorded in 2019.
In France, 52% of companies said they had seen a major ransomware attack in the past twelve months, according to a survey conducted by British cybersecurity specialist Sophos.
Newsletter - Most of the news
Every morning, the news seen by Le Parisien
I'm registering
Your email address is collected by Le Parisien to enable you to receive our news and commercial offers.
Learn more
“In 2019, we had already noted an 83% increase in claims declared on our cyber insurance policies.
And all of our customers have been affected at some point, regardless of their sector of activity, ”explains Jean Bayon de La Tour.
"New opportunities for attacks, against many businesses and individuals"
The generalization of teleworking in the second quarter of 2020, during confinement, further accentuated the threat.
So much so that this summer, Interpol (international criminal police organization) issued an alert: "Cybercriminals are developing and increasing their attacks at an alarming rate, exploiting the fear and uncertainty caused by the situation. unstable economic and social situation due to Covid-19, underlined its secretary general, Jürgen Stock.
The growing dependence in the world on the Web also creates new opportunities for attacks, towards many businesses and individuals whose defense is not up to date ”.
The information systems security manager (CISO) of a large group that hosts 200,000 websites, he noted an increase of “30 to 40% of attacks during containment.
"
And the economic consequences can be disastrous.
The cost of a "ransomware" type attack amounts to more than 420,000 euros in France on average, according to the study by Sophos, a cybersecurity company.
This amount takes into account downtime, loss of turnover as well as technical intervention costs.
If the ransom is paid to recover the data, this average doubles.
Dramatic consequences for companies ...
"We have several customers per year in France whose loss exceeds 10 million euros," said Jean Bayon de La Tour.
The high-end lingerie group Lise Charmel was placed in receivership after a cyberattack in early November 2019 from which the company did not escape until January 2020, choosing to rebuild everything rather than paying the ransom demanded by the hackers.
The leaders estimated the shortfall "at several million euros".
Collateral victim of an attack in 2017, Saint-Gobain had lost 220 million euros in turnover, simply because the French company had the misfortune of using the same software as the Ukrainian tax administration which was initially targeted, presumably by Russian hackers.
And SMEs are no less exposed.
"Awareness of the risk of a cyber attack is inversely proportional to the size of the group, most family business owners say that their data does not interest anyone, they are wrong and that can kill their business", continues Jean Bayon de La Tour, from broker Marsh.
"An SME will never do cybersecurity but it can spend 5% more to use secure tools purchased from approved service providers in order to defend itself", assures Guillaume Poupard, the boss of the IT gendarme, Anssi, who has just published an anti-cyberattack guide.
Drawing.
For hackers, the payoffs can be colossal.
LP / Philippe de Poulpiquet
According to a negotiator specializing in the field, “in France less than one in six companies pay the ransom demanded by hackers.
“Figures corroborated by the study conducted by Sophos where 19% of responding companies say they have paid the ransom.
Sometimes the police will also ask the victim to pay a deposit to trace the money and find the perpetrators.
"In the United States, we are pragmatic, companies see the possible losses and tend to consider payment more", recognizes Jean Bayon de La Tour.
"We become professional," says a hacker
Because the gains can be colossal with minimal investment for pirates.
“We are becoming more professional and we even provide after-sales service,” dares a foreign hacker.
We even sometimes solved problems that were not of our own making, to allow the business to restart perfectly.
The ransom payment or resale of stolen data is almost always done on the dark web, in Bitcoin.
The waves of attacks are also often correlated during this virtual currency with an upsurge in piracy when it soars.
The action of an intermediary often allows the price to be negotiated.
But also to understand which criminal organization is opposite: "Coming into contact with hackers allows you to try to determine their level of competence", continues the cyber negotiator.
Because sometimes the victim will have no interest to pay, the attack being political or ideological.
“Behind a ransom, can hide sponsors who have an objective of nuisance above all, for example political activists, a competing group or a country, decrypts the negotiator.
They are not looking to make money directly.
However, it is estimated that between 65 and 85% of malicious attacks have a direct economic purpose.
"
Specialists in cybersecurity, a rare commodity on the job market
Faced with this growing threat, many groups have tried to recruit cybersecurity specialists.
"But human resources come up against a shortage of profiles in 90% of cases," underlines a report from Cesin (the Club of Information Security and Digital Experts).
"In specialized schools whose course lasts three years, if we do not grapple with a good candidate in his first year, then it's too late," said the CISO of a Parisian company.
“I had 15 proposals when I left school,” confirms a cybersecurity specialist.
For companies, it is therefore urgent to raise employee awareness.
Because phishing remains the most common hacking (79% according to the Cesin): "The flaws are often human, with an employee who clicks on a bad email, because it is more difficult to track down the faults of computer security of software ”, relates a Parisian hacker who has already resold personal data collected on online sales sites.
Start-ups rush into the breach
The best-organized companies choose one last method, that of… launching attacks against themselves to verify their own security.
Several start-ups have an army of “white hat” or “ethical” hackers who try to find the loopholes in a preventive manner.
These IT geniuses are paid with bonuses ranging from 50 euros to 20,000 euros depending on the size of the flaw detected.
“Some bugs can be critical,” relates Yassir Kazar, co-founder of Yogosha, a Parisian company which has 400 of the world's best hackers in its ranks.
For example, we worked for free for hospitals at the start of the pandemic.
"
Yassir Kazar, co-founder of the start-up Yogosha.
DR
These ethical hackers are of course also motivated by money.
“They are bounty hunters, but they like the technical challenge, the competition, and each flaw discovered earns them points, therefore modifies their internal ranking, and in this world of hackers reputation is essential,” smiles Yassir Kazar, whose business volume - nearly 900,000 euros in 2019 - is up 100% compared to 2018.
Cdiscount faces 100,000 attacks per day
The CAC40 companies are the core target of the start-up Yogosha or its French competitor YesWeHack.
Many banks have called on their army of ethical hackers.
But not only: "We organized a bug bounty at the time of containment, to check if our VPN server was not vulnerable," reports Steve Hervé, CISO of the Cdiscount company.
We use this kind of service at the end of the chain.
Because we already have a team of hackers, employees, who test our apps in real time ”.
Because Cdiscount, the French leader in e-commerce which records an average of 20 million visits per month, faces nearly 100,000 attacks per day, thwarted directly by its firewalls.
“These are not targeted or very organized attacks,” says the security manager.
Fortunately, most of those who choose to go hacked aren't the best, that's an easy way out.
"
The online sales company Cdiscount regularly calls on Yogosha to verify that its applications are not vulnerable.
DR
Despite everything, during previous sales, Cdiscount had been the target of a particularly original attack: “Order baskets were overloaded by tens of thousands of accounts coming from China, our stocks therefore appeared to be empty and this hampered our customers, ”recalls Steve Hervé.
A new wave of attacks to be expected?
The company also organizes in-house escape games around cybersecurity.
This does not prevent many employees from grumbling when they have to change login passwords regularly.
“We need a generalized awareness,” assures Jean Bayon de La Tour, who believes that we have perhaps not yet seen the arrival of the second post-Covid-19 wave: “Often pirates enter without being spotted, the time to properly analyze the structure, recover as much data as possible before setting off their bomb.
It is possible that now that the re-entry has passed, we are witnessing a new wave of attacks ”.