Faced with the upsurge in ransomware attacks, the director of Anssi, Guillaume Poupard, and Johanna Brousse, deputy prosecutor specializing in cybercrime at the Paris prosecutor’s office, pointed to the role of insurers during a hearing in the Senate last Thursday. “Today, France is one of the most attacked countries in terms of ransomware. And it is probably because we pay the ransoms too easily: insurers too often guarantee the payment of the sums demanded by cybercriminals,” Johanna Brousse explained to the senators.
The murky role of intermediaries
That observation is shared by Guillaume Poupard, who denounces the “cloudy” game of some insurers. The director of Anssi says he “understands” that the calculation may seem rational in the eyes of an insurer, who will prefer to pay a ransom to recover the data rather than incur the significant costs that would result from being unable to recover data encrypted by ransomware. But this approach, which he compares to a “prisoner’s dilemma”, will prove counterproductive in the medium term, according to him. “It is necessary to fight against these actors, under penalty of seeing a real ecosystem being created”, Guillaume Poupard points out.
With the development of ransomware attacks against companies in recent years, a whole galaxy of intermediaries is indeed positioning itself in this sector: insurers play a leading role, but negotiators and remediation companies can sometimes also offer solutions to facilitate the payment of ransoms demanded by attackers.
The sometimes ambiguous role of intermediaries had already been highlighted in the United States by ProPublica’s investigations, which had shown how companies specializing in incident response could also offer their services to negotiate and facilitate the payment of ransoms. The subject was raised in Great Britain earlier this year, with insurers coming under fire for facilitating the payment of ransoms for companies that fall victim to ransomware. In France, the question arises as the firm Wavestone estimates that 20% of French companies that fall victim to ransomware end up paying the ransom. “The problem is that when these ransoms are paid, it finances all kinds of criminal networks”, Johanna Brousse reminded the Senate. The magistrate wishes to reiterate the message: do not pay the ransom, because each ransom paid strengthens the image of France as a prime target for cybercriminals.
The question of the ban
The problem is well known in the industry: each ransom paid helps to strengthen the capacities of cybercriminals, who benefit greatly from the imbalance between attackers and defenders in the field of cybersecurity. To meet this challenge, the issue of banning the payment of ransoms is sometimes raised, but the subject remains delicate. The American government took a first step in this direction last year by pointing out that the payment of ransom to certain groups could constitute a crime. As Les Echos points out, the French legal framework does not prohibit the payment of ransoms, and the authorities’ guidance in this matter is only advice to be followed, not an obligation.
In addition to the role of insurers, Johanna Brousse points to the lack of resources for investigative services: the Paris cybercrime prosecutor’s office has only 3 magistrates, and the OCLCTIC (Central Office for the Fight against Crime Linked to Information and Communication Technologies) has only 10 investigators specializing in hacking cases. That observation is shared by Guillaume Poupard.