This Thursday, April 7, it is 9 p.m. when the three magistrates of the flagrante delicto chamber, the nickname of the 23and Chamber of the Paris Court of Justice, are tackling a new thorny case.
After a phone theft, violence on ascendant and death threats from an antivax against deputies, here they are in charge of a ransomware attack – also known as ransomware.
Postponed a first time in January, due to overload of hearing, and a second time a month later, the time to make at the request of the defence, the full transcription of the police custody, the case will be studied during three o’clock that evening by the magistrates.
The return of WannaCry
A few months earlier, in November 2021, a Parisian software publisher for finance professionals had been targeted by a ransomware attack. A particularly astonishing affair. It was WannaCry that had been used, an obsolete software to say the least.
This self-replicating malware appeared in May 2017. Similarly, the ransom demanded was anecdotal, barely 300 dollars in bitcoins. A sum that is impossible to collect, even in the event of payment. The default payment crypto address had not been changed. This cast doubt on the real motivations behind this attack.
Investigators will eventually identify a suspect, a former employee of the company betrayed by his IP address.
Judged in immediate appearance
The judges of the 23and chamber had not, however, hidden their reluctance to try a case of cybercrime with a strong technical dimension. Because this file does not really correspond to the criteria of the usual cases of immediate appearances.
This legal procedure initiated by the prosecution is faster. It makes it possible to judge cases considered simple after the suspects are in police custody, such as cases of violence, theft or even indecent assault.
With this unprecedented first, to our knowledge, it was obviously for the Paris prosecutor’s office to accelerate the judicial response against acts of cybercrime. At the risk, however, of losing magistrates unaccustomed to cyber investigations.
70,000 euro fine
But the judicial result finally validates this strategy. While the defense requested release, the magistrates were convinced of the defendant’s guilt because of the recording, on several occasions, of the family IP address to the service account at the origin of the computer attack from from mid-October.
“The court was marked by your ability to deny the evidence,” added President Mabille to the defendant, after reading the deliberations, this Thursday, May 12.
The defendant, a young thirty-something who lives with his parents in Seine-et-Marne, and who intends to appeal, was thus found guilty of computer hacking and extortion. He was given a six-month suspended prison sentence. He will also have to pay significant damages to the target company, around 70,000 euros in total. The company had estimated its damage at nearly 90,000 euros.