
Ransomware: Hackers Break Into Blackmail Business

Cyberpirates engage in extortion of individuals as well as companies, through data kidnapping and threats to reveal sensitive information. Red Alert for the accounting department.

According to Europol, several million computers have been infected in the past two years, generating a multi-million-euro turnover.
Sandrine Cassini

PARIS - "If you are a customer of Domino's Pizza, know that we asked them not to publish your data in exchange for 30,000 euros..."

This was the message posted on Twitter in mid-June by the hacker "collective" Rex Mundi. The pizza delivery company has refused to bow to the blackmail of the group, which boasted of stealing data from 600,000 customers.

This incident is just the latest illustration of the new weapon for cybercriminals: old-style extortion. “Usually, the demands are not made public. Here, the hackers are playing their last card,” says Gérôme Billois, computer security consultant at Solucom.

He reckons that Rex Mundi would have made more money by reselling the data on the black market. A brand's customer is worth between 50 cents and 2 euros, which puts the whole load, as in this case of Domino's Pizza, at between 300,000 and 1.2 million euros, Billois estimates, "though data lose their value very quickly."

This is the "ransomware" game that is especially in fashion now. It can take the form of blocking a computer and then asking the owner for between 300 and 1,000 euros in return for the encryption keys. "Sometimes the hacker makes a sneaky pass for ransom by sending an official message that appears to come from an authority imposing a fine," says Loïc Guézo from Trend Micro.

According to Europol, several million computers have been infected in the past two years, generating a multi-million-euro turnover.

The same phenomenon strikes companies in different ways. Discretion is required, so the ransom demands tend to be in bitcoin, the emerging virtual and untraceable currency.

But the first order of business is often kidnapping the data. Michel Van Den Bergue, CEO of Orange Cyberdefence, cites a case where hackers got their hands on a trove of human resources data. "They threatened to reveal the salaries of top managers on both internal and public forums," he said. The ultimatum was a success for the hackers: the company paid.

A limitless imagination

A second option is for the hackers to paralyze an information system or threaten to destroy a sensitive database (customers' files, leaders' email, etc.). They can also threaten to overload a company's network or system. "The hackers paralyzed the trading room of a bank for 45 minutes, and it caused colossal losses," says Laurent Combalbert, a former officer in the anti-terror unit of the French national police, who now works in crisis management and ransom negotiation for private firms. If the amounts do not seem large compared to the damage that could be suffered, it is precisely because the approach has been to encourage the victims to pay.

So how should companies react? “We advise them to reveal the fuss and, more than anything, not to pay the ransom because otherwise it becomes a spiral," says Combalbert. "In extreme cases, negotiations happen — only by email since the hackers have dematerialized the negotiation — the ultimate goal remaining to convince the victim to give up."

The latest phenomenon is fake transaction orders. Using information gathered on social networks, hackers pretend to be the bosses, putting pressure on an accountant or an assistant: "On LinkedIn, you can easily access all the charts of a company and its strategic projects. We saw some of our clients agreeing to make transfers of 100,000 or 200,000 euros," says Jean-Michel Orozco, chief of cybersecurity at Airbus Defence and Space.

Banks — particularly Société Générale, BNP Paribas, and CDC — take this phenomenon very seriously. The French central bank has made the issue a priority on its annual agenda.

And just when you thought it couldn't get worse, the final trick worth mentioning: direct intrusion into the billing system. "I had the case of a client who had 1.5 million (euros) stolen this way," says Gérôme Billois. How? The hacker broke into the company information system and, in the guise of the accounting department, commissioned several major transfers.
