attacks “fairly common” and “not necessarily targeted”, according to a specialist


Cyber ​​attacks are “quite common lately” and “not necessarily targeted”, recalls Nicolas Arpagian, teacher at the National School of Police. This cybersecurity specialist reacted Thursday April 1 on franceinfo to the attack against the pharmaceutical group Pierre Fabre, the third largest French laboratory.

For Nicolas Arpagian, it is above all a question of villainous activities of opportunity, the hacker sending “a large number of messages” and cash “on the fact that one of the recipients will click on a malware link”. Then the virus “paralyzes information systems”. To recover its computer data, the company is offered to pay a ransom.

franceinfo: What does a cyberattack consist of?

Nicolas Arpagian: These are pretty common attacks lately. These are ransomware-related extortion activities, that is, the hacker offers to release data that has been previously encrypted in exchange for paying a ransom. So indeed, it is a villainous activity that paralyzes information systems. Sometimes all or part of the company’s computer systems can be affected. In the case of the Fabre laboratory, apparently, it is the production that is achieved and not the distribution. It has to do with the fact that the systems are separate, distinct, and therefore effectively, it limits the ability of malware to spread.

Was the Fabre laboratory specifically targeted, in your opinion?

With regard to the accessibility to attack tools, we should not consider that we are on necessarily targeted attacks. That is to say that the person who carried out the operation did not necessarily deliberately target the Pierre Fabre laboratories. We are witnessing attacks that work in the form of campaigns. In recent times, these attacks have targeted both local communities and hospitals.

“The hacker will send a large number of messages, mainly by email, and therefore he will rely on the fact that one of the recipients will click on the malware link.”

Nicolas arpagian

to franceinfo

How should you react in the event of a cyber attack?

Already, we must stop the attack, that is to say make sure to technically isolate the infrastructure from the network to prevent contamination and the spread of the virus. This allows to circumscribe, that is to say to ensure that there is not a continuous infection of the systems. Then, you have to know if you have backups on other equipment. We must ensure that we have healthy copies on other platforms, possibly at service providers or in other infrastructures. This will allow the company to restore its information capital. And then you have to ensure the integrity of the equipment. There, there is a whole phase of audits, to ensure that if we have to reconnect equipment, it is done from healthy infrastructures, which do not contain any virus or dormant malware residue. We must file a complaint and not pay the ransom to avoid encouraging and stimulating this criminal economy.


Leave a Reply

Your email address will not be published. Required fields are marked *