Emmanuelle Cadiou, director of a gate manufacturing company, recounts a devastating ransomware attack that crippled her business four years ago. Faced with a ransom demand of 600,000 euros, she chose not to pay, aligning with advice from cybersecurity experts. After ten days, operations resumed with improved security measures. Experts emphasize the rising frequency of such attacks on SMEs and recommend proactive steps, including law enforcement notification, immediate disconnection from the internet, and regular data backups to mitigate risks.
Emmanuelle Cadiou’s Ransomware Nightmare
Emmanuelle Cadiou, the director of a gate manufacturing firm, vividly recalls the harrowing incident that took place four years ago when her company’s computer servers were rendered inoperable. “The printer ceased to function, the labels failed to print, and suddenly, the screen went dark,” she describes. This unexpected chaos halted all order processing and forced her workforce to stop their tasks. Her company had fallen victim to a ransomware attack, where cybercriminals seized control of their systems, leaving them powerless.
To regain access to their data, the hackers demanded a staggering ransom of 600,000 euros from Emmanuelle. She found herself grappling with the decision of whether to pay this exorbitant sum. “Fortunately, the amount was so excessive that it made my decision easier. If it had been a lower figure, say 50,000 euros, I might have been tempted to instruct our IT director to pay up just to get things back to normal. It’s a natural instinct to protect your business,” she reflected.
Essential Steps to Combat Ransomware
After ten long days, operations resumed, and the company invested in more robust electronic systems to prevent future incidents. Like Emmanuelle, many small and medium-sized enterprises (SMEs) find themselves in the crosshairs of hackers who exploit weaknesses in their cybersecurity to encrypt vital data, rendering it inaccessible until a ransom is paid.
However, Emmanuelle made a wise choice by reporting the incident to law enforcement and refusing to comply with the criminals’ demands. This aligns with the guidance from the National Agency for the Security of Information Systems (Anssi), as emphasized by its director general, Vincent Strubel: “One key piece of advice is to never pay ransom. Paying doesn’t guarantee the recovery of your data, as relying on the honesty of criminals is futile. Moreover, paying ransoms funds organized crime and positions you as an attractive target for future attacks.”
Brice Augras, an ethical hacker and founder of BZhunt, emphasizes that the frequency of these attacks is on the rise. “To mitigate the risk of falling victim to such attacks, companies must adopt proactive measures, including enlisting the help of digital security experts who can identify vulnerabilities within their systems. The surge in attacks has serious repercussions for smaller companies, sometimes resulting in irreversible data loss that can cripple a business,” he warns.
Other crucial steps include notifying law enforcement immediately and disconnecting from the internet at the first sign of trouble. Regularly backing up data and storing it on offline devices can significantly reduce vulnerability to cybercriminals. These precautions are especially critical for sensitive environments, as illustrated by the Rouen University Hospital in France, which was one of the initial victims of a cryptovirus, forcing its 10,000 employees to operate without computer access.