Pirates approaching cities. It’s been a while that we no longer count on the fingers of one hand, not even both, the French communities victims of cyberattacks. In 2022 alone, the National Information Systems Security Agency (Anssi) treated 25 cases. Recently, Lille, in the North, was targeted by the infamous Royal Ransomware gang. Long spared by pirates, communities thought they were sheltered by the lack of interest they felt they represented. This is no longer the case and the awakening has been brutal, forcing cities, departments and regions to make cybersecurity a priority.
It has been seven months since the city of Caen was the victim of a ransomware attack and the scars of the hackers’ passage through the municipal computer system are still felt today. In particular at the level of the municipality’s website from which the early childhood portal and the association account are still inaccessible. However, the prefecture of Calvados was not starting from nothing since it was experimenting at the time of the attack with a new generation antivirus solution, EDR type, offered by HarfangLab. “Our software did the job by detecting the beginnings of the attack. Almost immediately, we were able to recommend actions to be taken to block it,” explains to 20 minutes an engineer from HarfangLab, present at the International Cybersecurity Forum (FIC) in Lille.
“Adopt good safety hygiene”
And if the EDR antivirus helped to limit the breakage, the attack still did collateral damage, in particular by preventing the use of computers and network connections for a certain time. Because if the use of such software is a solution, it is not THE solution. In the wake of this cyberattack, the prefect of the Calvados department encouraged local elected officials to turn to existing services offered by the gendarmerie. “For communities that request it, we carry out cyber pre-diagnoses, to try to detect flaws, vulnerabilities in systems and people”, explains to 20 minutes Lieutenant Loïc Pessé, in charge of cyber prevention at the Calvados gendarmerie group.
Pioneers in France, the cybergendarmes of 14 also provide training: “Be careful with your passwords, including those for wifi networks, detect phishing attempts, false quality scams”, continues the gendarme. “It is only through training that network users and managers will be able to adopt good security hygiene,” adds the HarfangLab engineer.
“We refused to pay the ransom”
And when the damage is done, many only have their eyes to cry. It is not yet known if this is the case for Lille, although it is known that hackers from the Royal Ransomware group have taken over several hundred gigabytes of data. At the beginning of 2021, a ransomware attack hit the computer system of the city of Angers. “At the time, we built systems thinking that we were not interesting targets for hackers,” recognizes the director of information systems (DSI) of the city. For this attack, the data had not been exfiltrated, but only encrypted. “We refused to pay the ransom because we had multiple backups that allowed us to restore the system,” recalls the DSI.
The assessment that Angers makes of this experience is that you have to be prepared for it. This is in particular the role of the community digital security club (CSNC). When a new community is attacked, it contacts those who have already had the trick. The CSNC makes it possible to formalize these exchanges, “to avoid being alone when it happens and to share knowledge”, we are told. Advice on the procedure to follow for the victims, but also for the communities still spared. “Isolating or filtering access to the network as needed, sectorizing services as much as possible to avoid contamination and, above all, integrating that security is now an integral part of the daily life of information systems departments”, insists the association.