The State wants to set up a telephone emergency service accessible 24 hours a day, 7 days a week to assist victims of cyberattacks, which will be aimed at individuals, businesses and administrations alike.
This is a major initiative, the outlines of which, as recognized by the Ministry of the Interior, still need to be clarified. Monday, January 10, 2022, during a trip to Nice, the Head of State, Emmanuel Macron, spoke about the “implementation (soon, editor’s note) of a digital equivalent of “call 17″ (the Police Secours emergency call number), so that each citizen can report a cyber attack live and be put immediately in connection with a specialized operator.” This hotline will be accessible 7 days a week, 24 hours a day. Interior (Lopmi) which will be presented to the Council of Ministers, will be aimed at individuals, companies and administrations. Clearly, it will be accessible to all, permanently.
17 Cyber: a service accessible 24 hours a day, 7 days a week
For the victims, the 17 Cyber will constitute a first element of response and support in the face of the different types of cyberattacks with which they are confronted, whether it is a phishing scam attempt linked to supposed ( but fictitious) legal action, as may be the case for individuals, or ransomware attacks (ransomware in English), launched against companies, administrations or hospitals. Until now, if certain companies decided not to give in to this type of blackmail (sometimes at their own risk, as recently demonstrated the case of the company Thales), many victims (individuals or businesses) caught off guard and paralyzed by fear of “what will we say” chose either to pay sometimes substantial ransoms to cybercriminal organizations, or to wallow in silence, but certainly not to alert the authorities.
The future 17 Cyber is therefore an outstretched hand to victims and a new way to fight against cyberattacks. At the other end of the line, victims who dial this emergency number will be put in touch with experts working within theANSSI (National Information Systems Security Agency) or the Ministry of the Interior. In response to the various acts of cyber-maliciousness suffered, they will be able to benefit in particular from personalized legal support and valuable advice concerning the possible filing of a complaint and the safeguarding of digital evidence.
A brigade of cyber patrollers soon to be reinforced
Along with the announcement of the forthcoming deployment of the “17 Cyber”, the President of the Republic, also mentioned the creation of a cyber training school which will be created within the Ministry of the Interior to train police officers, gendarmes and agents of the intelligence services on the subject of cybersecurity. . In terms of numbers, this should represent at least 1,500 additional “cyberpatrollers” – notably reservists – for the next few years. In February 2021, following a series of ransomware cyberattacks paralyzing several health establishments in the midst of a health crisis, the government had mobilized one billion euros, including 720 million in public funding. This envelope, partly financed by France Recovery and the Future investment program, aimed to strengthen the national strategy for cybersecurity. In terms of prevention and awareness-raising in the heart of the territories, the ANSSI has thus just validated the creation of regional cyber incident response centers. These structures will be entrusted with two main missions: quickly solve problems related to cyber threats and limit the socio-economic impacts of cyberattacks. In addition, cybersecurity is now one of the priorities of the French presidency of the European Union, which runs until June 30, 2022.
MISP-PJ: a centralized malware information file
At the same time, the Ministry of the Interior continues to “booster” its arsenal in the fight against cybercrime. A decree published on December 26 in the Official Journal thus authorizes “the implementation of automated processing of personal data relating to breaches of automated data processing systems”, in other words the creation of a new file and a new database making it possible to collect and store (for six years) a number of elements (e-mail addresses, IP addresses, pseudonyms, profile name(s) on the social networks or identifiers, domain name(s), port number, ransom demand email, ransom note, encrypted file data and file signature, virtual currency wallet address), constituting a cyberattack. This file will be called MISP-PJ (for Malware Information Sharing Platform – Judicial Police).
Ransomware cyberattacks, freezing or erasing (“wiper”) data from a computer or an information system have become one of the favorite weapons of cybercriminal organizations, moreover most often convinced of evolving with complete impunity. However, the tide is starting to turn and we have been witnessing for several weeks the dismantling sometimes as spectacular as it is unexpected (like that of the REvil group in Russia in recent days) of some of these organizations. About the REvil group, which had been raging since 2019, the wave of arrests that took place in Moscow and Saint-Petersburg would have made it possible to get their hands on 426 million rubles (4.87 million euros), 600,000 dollars, 500,000 euros and around twenty luxury vehicles. Which is a lot for individuals, most of whom had no declared professional activity.