Ransomware: Hackers Break Into Blackmail Business

Cyberpirates engage in extortion on individuals as well as companies, through data kidnapping and threats to reveal sensitive information. Red Alert for the accounting department.

According to Europol, several million computers have been infected in the past two years, generating a multi-million-euro turnover.
Sandrine Cassini

PARIS - "If you are a customer of Domino's Pizza, know that we asked them not to publish your data in exchange for 30,000 euros..."

This was the message posted on Twitter in mid-June by the "collective" of hackers Rex Mundi. The pizza delivery company has refused to bow to the blackmail of the group, which boasted of stealing data from 600,000 customers.

This incident is just the latest illustration of the new weapon for cybercriminals: old-style extortion. “Usually, the demands are not made public. Here, the hackers are playing their last card,” says Gérôme Billois, computer security consultant at Solucom.

He reckons that Rex Mundi would have made more money by reselling the data on the black market. A brand's customer is worth between 50 cents and 2 euros, which puts the whole load, as in this case of Domino's Pizza, at between 300,000 and 1.2 million euros, Billois estimates, "though data lose their value very quickly."

This is the "ransomware" game that is especially in fashion now. It can take the form of blocking a computer and then demanding between 300 and 1,000 euros from the owner in exchange for the encryption keys. "Sometimes the hacker makes a sneaky pass for ransom by sending an official message that appears to come from an authority imposing a fine," says Loïc Guézo from Trend Micro.

According to Europol, several million computers have been infected in the past two years, generating a multi-million-euro turnover.

The same phenomenon strikes companies in different ways. Discretion is required, so the ransom demands tend to be in bitcoin, the emerging virtual and untraceable currency.

But the first order of business is often kidnapping the data. Michel Van Den Bergue, CEO of Orange Cyberdefence, cites a case where hackers got their hands on a trove of human resources data. "They threatened to reveal the salaries of top managers on both internal and public forums,” he said. The ultimatum was a success for the hackers: the company paid.

A limitless imagination

A second option is for the hackers to paralyze an information system or threaten to destroy a sensitive database (customers' files, leaders' email, etc.). They can also threaten to overload a company's network or system. "The hackers paralyzed the trading room of a bank for 45 minutes, and it caused colossal losses," says Laurent Combalbert, a former officer in the anti-terror unit of the French national police, who now works in crisis management and ransom negotiation for private firms. If the amounts do not seem large compared to the damage that could be suffered, it is precisely because the approach has been to encourage the victims to pay.

So how should companies react? “We advise them to reveal the fuss and, more than anything, not to pay the ransom because otherwise it becomes a spiral," says Combalbert. "In extreme cases, negotiations happen — only by email since the hackers have dematerialized the negotiation — the ultimate goal remaining to convince the victim to give up."

The latest phenomenon is fake transaction orders. Using information gathered on social networks, hackers pretend to be the bosses, putting pressure on an accountant or an assistant: "On LinkedIn, you can easily access all the charts of a company and its strategic projects. We saw some of our clients accepting to do transfers of 100,000 or 200,000 euros," says Jean-Michel Orozco, chief of cybersecurity at Airbus Defence and Space.

Banks — particularly Société Générale, BNP Paribas, and CDC — take this phenomenon very seriously. The French central bank has made the issue a priority on its annual agenda.

And when you thought it couldn't get worse, the final trick worth mentioning: direct intrusion into the billing system. "I had the case of a client who had 1.5 million (euros) stolen this way," says Gérôme Billois. How? The hacker broke into the company information system and, in the guise of the accounting department, commissioned several major transfers.

Lex Tusk? How Poland’s Controversial "Russian Influence" Law Will Subvert Democracy

The new “lex Tusk” includes language about companies and their management. But is this likely to be a fair investigation into breaking sanctions on Russia, or a political witch-hunt in the business sphere?

Polish President Andrzej Duda

Piotr Miaczynski, Leszek Kostrzewski

-Analysis-

WARSAW — Poland’s new Commission for investigating Russian influence, which President Andrzej Duda signed into law on Monday, will be able to summon representatives of any company for inquiry. It has sparked a major controversy in Polish politics, as political opponents of the government warn that the Commission has been given near absolute power to investigate and punish any citizen, business or organization.

And opposition politicians are expected to be high on the list of would-be suspects, starting with Donald Tusk, who is challenging the ruling PiS government to return to the presidency next fall. For that reason, it has been sardonically dubbed: Lex Tusk.

University of Warsaw law professor Michal Romanowski notes that the interests of any firm can be considered favorable to Russia. “These are instruments which the likes of Putin and Orban would not be ashamed of," Romanowski said.

The law on the Commission for examining Russian influences has "atomic" prerogatives sewn into it. Nine members of the Commission with the rank of secretary of state will be able to summon virtually anyone, with the powers of severe punishment.

Under the new law, these Commissioners will become arbiters of nearly absolute power, and will be able to use the resources of nearly any organ of the state, including the secret services, in order to demand access to every available document. They will be able to prosecute people for acts which were not prohibited at the time they were committed.

Their prerogatives are broader than those of the President or the Prime Minister, wider than those of any court. And there is virtually no oversight over their actions.

Nobody can feel safe. This includes companies, their management, lawyers, journalists, and trade unionists.
