Town halls, businesses, or even hospital services … hackers have never claimed so many victims. What to do in the face of increasingly frequent cyber attacks? Pay, or not? In France, the authorities recommend never paying a ransom.
Near Besançon, a family construction company has nevertheless yielded to the blackmail of REvil, a very active group of cyber hackers which specializes in attacks by “ransomware”, this malicious software which blocks a computer system until obtaining a ransom.
70,000 euros in ransom … then 25,000
Grégory Myotte-Duquet found himself with a knife to his throat: an SME with 20 employees to run, and 70,000 euros in ransom to be paid in three days. But he decided not to let it go.
By email, he begins negotiations with the hackers. He begins by explaining that he “cannot pay $ 80,000”, and proposes 5,000. Too little for the hackers, who all the same revise their demand seriously downwards: $ 32,000, and three more days for pay. But be careful, “if the ransom is not paid before this date, the price will double”.
5,000 euros after three weeks of negotiation
In three weeks of negotiation and after 30 emails (the manager asks for guarantees, the hackers promise not to attack again and to send a decryptor in case of problem), “kindly, we can agree on the 5,000”, tells G. Myotte-Duquet. To bring down the amount of the ransom, he played on the sensitive chord, “the side of a small family business with less than 20 employees, which cannot pay more than that”. “OK, we understand you,” the hackers finally answered. The payment was made in cryptocurrency, and the data was returned.
Stockholm syndrome 2.0?
From this negotiation, a strange feeling remains: the Stockholm syndrome 2.0. “Over a period of three weeks, testifies the ransomed builder, something is starting to be created… I don’t mean to say that we start to understand the aggressor, but… Sometimes, I said to myself: it’s a business like any other. It’s illegal, it’s a shame for us, but they are taking advantage of flaws in a system that, if it were in place, would not leave the door open to this kind of thing. After all, wouldn’t it be the smartest people behind the computer right now? ‘”
Extract from “Hackers: the new robbers”, a document to see in “Further investigation” on January 28, 2021.
> Replays of France Télévisions news magazines are available on the Franceinfo website and its mobile application (iOS & Android), “Magazines” section.