The situation has become so critical that it has mobilized at the top of the state.
After several large-scale cyber attacks against healthcare establishments, the phenomenon of ransomware attacks is increasingly worrying cybersecurity players.
At the head of the European heavyweight Orange Cyberdefense, Michel Van Den Berghe wants to sound the alarm signal on a threat that is less and less virtual and more and more industrialized.
Interview.
rpt LP / Damien Licata Caruso
The year 2020 and the start of the year were marked by an upsurge in cyber attacks, particularly by ransomware.
How do you see this threat
?
Michel Van Den Berghe
.
Our intervention teams are over-requested and we are sometimes forced to refuse assignments.
It bothers me a lot not being able to go to people who are victims of a cyberattack because we simply don't have any more staff available.
It is as if the firefighters you call for a fire ask you to wait while the tanker comes back and leaves your house.
This is particularly dramatic for small and medium-sized businesses, which 60% quickly file for bankruptcy after suffering a ransomware attack.
The others potentially paid the ransom to continue working.
What advice do you give to the victims of such an extortion attempt?
Obviously you should not pay because this feeds a mafia system and offers no guarantee of a return of data.
But it is sometimes difficult to get entrepreneurs to accept.
Take the example of an architectural firm that recently found itself on a Monday morning with all its data encrypted by malware that also attacked its online backups.
All the plans were inaccessible and therefore the sites were blocked.
After having made note of the damage by an expert who did not provide him with a solution, this head of a company of 70 architects succeeded in negotiating the ransom of 500,000 euros to 15,000 euros in Bitcoins.
He paid and got his data back.
But it is a terrible observation of failure for us cybersecurity specialists.
Morning essentials newsletter
A tour of the news to start the day
Subscribe to the newsletterAll newsletters
How do you avoid getting to this type of situation?
We have helped large companies to strengthen their security and now we want to offer smaller organizations and hospitals complete and affordable solutions with antivirus and automatic updates.
It's not their job to update and they don't have time.
It will be necessary to industrialize and automate their cybersecurity in complete transparency.
It's like a car that is well secured, no one is wondering how the ABS or the Airbags work, you just want to step on a pedal and brake.
Your teams intervened during the cyber attacks against
the hospitals of Dax
and
Villefranche
, what situations did they have to face?
Both establishments were affected by the Ryuk ransomware, which encrypted their machines and data servers.
We found IT teams stunned and almost knocked out standing there.
There was a start of panic when this started to be publicized.
We recommended that they cut everything to contain the damage.
A team of five specialists went on site to avoid the propagation and rebuild the network from zero.
We had to create a bubble of confidence and reconnect the equipment one by one, ensuring that the virus was not reactivated.
We took the opportunity to install malicious behavior detection tools that allow us to isolate an infected computer.
Getting back into operation was a little easier for the Villefranche hospital, which was able to recover its data thanks to backups.
But that was not the case for Dax.
What can we learn from this?
All hospitals that have not yet been affected are potential targets.
Health establishments or town halls are not more targeted than the others, but they are people who do not have the financial and human resources or for whom it is not the job of computer security.
They are easier targets to attack.
There is so much work to be done in a hospital to secure a network that it cannot be done in-house.
Cybercriminals have industrialized their methods, potential targets must also automate everything.
Manufacturers of this equipment should also be required to update their systems which run on Windows XP and which are connected to the hospital's computer network.
Our teams were amazed at the level of updates and security.
Finally, we will have to accept not to connect everything and anything in such vital places.
Will the
additional billion euros plan for
national cybersecurity announced by Emmanuel Macron be
enough to reverse the trend?
This plan had already been launched for some time but it is interesting for the sector that the subject is carried by the President of the Republic, who quickly understood the priorities.
It will give the means to Anssi [National Information Systems Security Agency, Editor's note] to hire 300 additional experts, audit hospitals to assess their condition and carry out the cybersecurity campus project which aims to raise the national level in a quick and concrete way.
We need a pooling of expertise in order to benefit from the collective intelligence that will avoid us as many attacks as possible.
This money will also help raise public awareness of computer barrier gestures.
READ ALSO>
Gangs, extortion and ransomware ... Investigation into very organized gang hackers
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/WQEEUVRP3BB57M7LND37U7VREE.png)
