The Limited Times


The Bordeaux judicial police at the heart of the dismantling of the international cybercriminal network "Hive"

2023-01-26T19:45:57.200Z


The network was dismantled on Thursday thanks to an international operation carried out by 13 countries. In France, the zonal direction of the judicial police of the South-West, based in Bordeaux, played an active role in the investigations.


Le Figaro Bordeaux


The dismantling of the international cybercriminal network called "Hive" was announced at the highest level this Thursday by Christopher Asher Wray, the director of the FBI.

Watching this videoconference alongside Le Figaro in his office in Bordeaux, divisional commissioner Paul Bousquet, head of the financial crime division at the Zonal Directorate of the Judicial Police (DZPJ) in the South West, is happy.

This conclusive international operation is the first outcome of a global investigation.

Thirteen countries, communicating daily via Europol since the first attack in Canada in June 2021, have contributed to the dismantling of the infrastructure of one of the three most active pieces of ransomware in the world.

Since New Aquitaine was the first French region to be affected by “Hive”, during the attack on a scientific laboratory in Deux-Sèvres, the DZPJ du Sud-Ouest became involved in the case in July 2022. The case is complex: “Hive” is ransomware as a service (RaaS).

In other words, the first hackers created malware that was "ergonomic, easy to access and use", whose services they hire out to other affiliated malefactors.

After having encrypted the data of an organization's information system (most often a public service), this second band of cybercriminals demanded a ransom under threat of publishing the stolen data.

Once collected, the entire amount demanded in cryptocurrencies, most often in bitcoins, was paid to the “initial creators”, who then redistributed part of it to their “customers”.

58 French victims of “Hive” ransomware

Since the first attack on national territory in July 2022, 58 organizations have been victims of “Hive” ransomware in France.

26 of them filed a complaint.

Among the most publicized cases are the attacks on the National School of Civil Aviation (Enac), the local authority of Guadeloupe, the town hall of Annecy-le-Vieux (Haute-Savoie), the companies Altis and Damart and, on October 8, 2022, the departmental council of Seine-Maritime, which was the first attack to be quickly countered in France.

In collaboration with the sub-directorate for the fight against cybercrime (SDLC) and under the leadership of the J3 section of the Paris public prosecutor's office, the Bordeaux DZPJ thus contributed to recovering 99% of the stolen data, i.e. 62 terabytes, and 850 machines unlocked in just three weeks.

“Hive”: 1,500 victims in 80 countries

Since its first attack in Canada in June 2021, the “Hive” ransomware has claimed 1,500 victims, including 58 in France, across 80 countries, for total damage estimated at 92 million euros.

Thanks to the international cooperation of 13 countries, including France, 141 million euros in ransom payments were averted.

The targets of these cybercriminals were mainly public establishments.

Hospitals were thus attacked during the Covid-19 crisis, preventing the reception of new patients and forcing doctors to use paper forms.

"Paying a ransom is fueling organized crime"

With little training in cybercrime, business leaders rarely have the right reflexes in the face of an attack.

Most of the time, they therefore inadvertently erase the traces of the intrusion that make it possible to identify the location of the servers used by the hackers.

“It is important not to erase the data by replacing it with a backup or turn off the computer out of fear,” summarizes the head of the division for the fight against financial crime at the DZPJ du Sud-Ouest, Paul Bousquet.

On the contrary.


The good reflex is to disconnect it from the wifi or intranet network by putting it in airplane mode, while leaving it connected to a power cable so that the investigators can have access to "the connection logins and the logging of the firewall connections" upon their arrival.

And above all, you must never give in to hackers.

“Paying a ransom is fueling organized crime with no guarantee of not being reattacked three days later,” insists the divisional commissioner.

The preliminary investigation, on which five police officers from the South West DZPJ are actively working in collaboration with 13 countries, is still ongoing.

And for good reason, concludes divisional commissioner Paul Bousquet: “Now that we have broken the tool, we must identify the authors, who are numerous and who can be anywhere in the world.”

Source: lefigaro
