Ransomware, or “ransomware,” exploits security vulnerabilities of a company or individual to encrypt and block its computer systems, demanding a ransom to unlock them.
However, these increasingly numerous, increasingly sophisticated and increasingly costly attacks for businesses recorded a sharp increase in 2023 to reach a record level after a lull in 2022.
“It is one of the main threats” in terms of cybersecurity in the world,” Todd Carroll, author of the annual report for the French cybersecurity start-up Cybelangel, told AFP.
According to this study, ransom demands jumped by almost 40%.
And “we are still far from having reached the peak”, he warns, adding that this increase is fueled by the fact that many companies “are ready to pay”.
A survey conducted by Cohesity among 900 IT decision-makers and cybersecurity managers from large Anglo-Saxon companies shows that nearly 80% of respondents say they were victims of a ransomware attack between last July and December.
“Nearly 90% of them say they have paid a ransom to restore their data, despite their organization's non-payment policy,” specifies the American company, a specialist in data management and protection. .
Ransoms of a million dollars or more
According to the American company Chainalysis, a specialist in the study of cryptocurrency transactions, the amounts paid by victims reached “a record level” of $1.1 billion in 2023. Far from the $456.8 million in 2022. , the lowest level since 2019. In addition, “75% of ransoms paid were $1 million or more,” indicating that large companies are the main targets.
In its report, CybelAngel estimates that the average cost of an attack was $1.82 million for a business.
But the bill rises to $2.6 million if we include the payment of ransoms.
Among the most affected sectors are building and construction, information technology, education and health.
In its predictions for 2024, Russian cybersecurity company Kaspersky warns that cybercriminals could target even bigger targets: "large companies" and "major logistics players."
Last year, CybelAngel identified 62 ransomware hacker groups involved in more than 5,000 attacks.
They operate in small groups “mainly from Russia, China and countries in Eastern Europe and the Middle East.
This development of attacks can also be explained by the development of an on-demand software model (Raas, Ransomware as a Service) allowing the creators of ransomware to make it available to other hackers.
These “affiliates” carry out the attacks before sharing the profits.
Potential target Olympics
In France, 546 investigations concerning this type of attacks were opened in 2023, an increase of 30% compared to 2022, according to the Paris prosecutor's office which has national jurisdiction.
French authorities anticipate a considerable number of threats to the Paris Olympic Games between July 26 and August 11.
In December, an exercise simulating several simultaneous, high-level ransomware attacks was organized, bringing together several ministries (Interior, Justice, Health).
Others will follow between now and the opening ceremony.