Paris (AFP)

By their number and the damage they cause, ransomware attacks, the type of cyberattack that hit the French construction giant Bouygues Construction on Thursday, are "the most serious threat" targeting companies and institutions, according to the French IT security agency (Anssi).

What is ransomware?

Ransomware is malicious computer code that prevents victims from accessing the contents of their files in order to extort money from them, Anssi summarizes in a recent report on the state of this threat.

Historically, attackers were content to display a page in the foreground demanding payment of a sum of money before it could be dismissed. Now, they set out to encrypt (render unreadable) as many of the victim's useful files as possible and demand a ransom in cryptocurrency to decrypt them.

How is this threat evolving?

The number of ransomware attacks increased significantly in 2014, during "large infection campaigns" by e-mail which mainly targeted individuals. These campaigns still represent the majority of attacks, but their number seems to be decreasing.

On the other hand, there has been a shift towards businesses, as attackers favor targets that hold sensitive documents and are more likely to pay a ransom.

Since the beginning of 2019, cybersecurity software publisher Symantec has reported a 20% drop in ransomware infections, but a 12% increase in those targeting businesses.

Finally, cybercriminals no longer hesitate to specifically target large companies or institutions, "financially robust and which can pay big", up to tens of millions of dollars.

The risks are such that insurance companies now cover the ransom amount, while some companies specialize in dealing with cybercriminals.

"Today, insurance companies incite victims to pay the ransom which often turns out to be lower than the cost of restoring activity without resorting to the decryption key. This incitement to pay validates the economic model of cybercriminals," Anssi laments in its report.

Finally, since the end of 2019, cybercriminal groups have been threatening to publish stolen documents, potentially confidential, in the event of non-payment of the ransom.

What are the precedents?

The most massive ransomware attack occurred in May 2017, when the WannaCry worm infected at least 200,000 machines in more than 150 countries in one day. Renault factories were particularly affected in France, as was the British health system, which estimated the cost of returning to service at 100 million euros.

Throughout 2019, ransomware infected, one after another, a Norwegian aluminum company, the American city of Baltimore and the Eurofins Scientific research laboratories, causing data loss and significant costs for restoring their computer systems.

In France, Anssi dealt with 69 ransomware-type incidents in 2019, targeting in particular the companies Altran in January, Fleury Michon in April, Ramsay Générale de Santé in August, and the Rouen University Hospital in November.

Who is behind the Bouygues Construction attack?

The construction subsidiary of the giant Bouygues acknowledged on Friday that it had been the target, since the previous day, of a ransomware-type attack that caused the shutdown of its entire computer system. The attack is orchestrated by a group of cybercriminals using the Maze ransomware, Damien Bancal, a French cybersecurity specialist who claims to have contacted the hackers, told AFP.

Maze was discovered in May 2019. According to Anssi, it is mainly known for being associated with the online disclosure of documents stolen from companies.

In December, a group announced in particular that it had stolen data from the American cable company Southwire. When the latter refused to pay the $6 million ransom, the hackers released all of the stolen data in January.

The American city of Pensacola and the security company Allied Universal were also victims of the same software at the end of the year.

"These large amounts combined with the risk of disclosure of internal data make it the ransomware with the greatest potential impact on businesses and institutions," notes Anssi.

© 2020 AFP