How do CyberGEND investigators track down hackers?

At the end of a large open-plan space on the outskirts of Paris sits the office of General Christophe Husson. The number two of the gendarmerie's cyberspace command, ComCyberGend, warns that there is no question of discussing the cyberattack on the Corbeil-Essonnes hospital. No information must reach the hackers, who have set the ransom at 10 million euros and whom his team is tracking in order to identify them.


Think of an infected computer network as a crime scene where investigators look for what might be called “cyber-DNA”. Once viruses enter the network and become active, they make a large number of files inaccessible and immobilize servers, the computers of companies or institutions, and even machines in factories.

“The first thing that the gendarmes are going to do is to take the hearings and collect the complaints so that we can have a judicial framework”, explains Christophe Husson. Then the gendarmes will ensure “the preservation of digital evidence” in order to be “able to identify the perpetrators, locate them and, if necessary, be able to arrest them”, he continues. “What is essential in the event of an attack”, adds the General, “is to disconnect from the computer network but without turning off your computer”.

To trace the hackers, professional negotiators from the RAID (search, assistance, intervention, deterrence) can be called upon to help business or administrative managers maintain contact with the cybercriminals. That contact can then yield valuable clues in investigations that are as long as they are delicate.

“The web totally ignores borders, these are investigations which, inevitably, have a certain complexity, both technical and complexity also with the different partners we have.”

General Christophe Husson, ComCyberGend, to franceinfo

According to ComCyberGend, most of the time, hackers operate from abroad. The gendarmes take part in several joint investigation teams with their European counterparts. And General Christophe Husson wants to be optimistic: “Yes, there is obviously a hope of achieving a certain number of successes in this area. We had a case that had already been mentioned with a group of ‘Ragnar Locker’ hackers who were able to be identified and arrested”, he explains, speaking of a cybergang which struck around fifty entities, in particular the computer network of the French shipowner CMA-CGM, from which they demanded several million euros. “This also illustrates international cooperation, since it was the gendarmerie that had worked with the support of the FBI and Europol. It is something that worked well”, he acknowledges.

The motivation of these seasoned and well-organized cybercriminals is often the lure of profit. Except that “paying is not the solution”, warns the gendarme. The temptation is great for a company to respond to the hackers and pay in order to regain the use of its IT systems as soon as possible. But immediate payment does not guarantee the restoration of the computer system or the return of all documents.

“Call 17”, insists General Husson, who, faced with the increase in these attacks, points to the prevention work of the authorities, in particular the 7,700 cyber-gendarmes trained for this. In 2021, the CNIL, guardian of the privacy of Internet users in France, recorded more than 2,150 reports related to ransomware.

