Ransomware

Verified 26 juin 2024 - Directorate for Legal and Administrative Information (Prime Minister)

Your situation

  • Ransom demand demanded to unlock a device
Edit

Ransomware is a form ofextortion.

For an individual, this involves installing malicious software that encrypts all or part of a computer system (for example: computer, phone, tablet, server) or your files and requires payment of a sum of money in exchange for a decryption key, allowing you to access it again.

Prevent malware from spreading

If you are a victim of ransomware, you must disconnect the device from the Internet to prevent the virus from spreading to other devices (for example: a phone connected to a computer).

Later, you can investigate whether a decryption solution is available for the type of ransomware you are experiencing.

This can be done online through the following platform:

Ransomware - Download a decryption solution

If you can't find a decryption solution on this platform, don't pay the ransom. This is because the payment does not ensure a new access to your files or the infected device. On the contrary, you may be asked for a new sum of money.

Please note

If the infected device belongs to the company/administration where you work, it is recommended that you notify IT so that it can take immediate action.

Gathering evidence of ransomware

If you are a victim of ransomware, you must collect as much evidence as possible to establish this offense and determine the perpetrator.

These may be:

  • The message telling you that you have been hacked
  • The ransom demand
  • Encrypted files that you can no longer access.

If you can't gather evidence, you can hire a computer expert.

You can also ask for help from the professionals of the website cybermalligence.gouv.fr:

Getting help with malicious cyber activity

If you are a victim of or witness to ransomware, you can report it to THESEE: titleContent.

The controllers of personal data (example: Head of company) should also report this infringement to the Cnil: titleContent where there is a risk of violation of the privacy of one or more persons.

Répondez aux questions successives et les réponses s’afficheront automatiquement

Reporting by an individual

Anyone (adult or minor) can report ransomware through THESEE: titleContent :

Report ransomware (THESEE)

Reporting is not a complaint. It consists solely in informing the investigation services of theThe offense and to provide them with information to identify the perpetrator.

If you report ransomware, you will not be kept informed of the outcome of your report.

Reporting by the controller of personal data

Notification to the Council

If the ransomware is about a processing of personal data and there is a risk to the privacy of one or more individuals, you must notify the Cnil: titleContent.

Example :

Malicious software attacks a company's files. One of them has to do with human resources management. In this case, it is necessary to alert the Cnil, because there is a risk with regard to the privacy of the employees included in this file.

This report must be made from the website of the Cnil: titleContent within a period of 72 hours from the time of the breach of the processing:

Notification to the Cnil - Violation of a processing of personal data

Later, you can provide additional information by making an additional notification.

Reporting to THESEE investigators

As the controller of personal data, you can also report on THESEE: titleContent :

Report ransomware (THESEE)

Reporting is not a complaint. It consists solely in informing the investigation services of theThe offense and to provide them with information to identify the perpetrator.

If you report ransomware, you will not be kept informed of the outcome of your report.

If you are a victim of ransomware, you can file a complaint against the perpetrator of the malware or virus. If you don't know his identity, you can file a complaint against X.

Complaints about THESEE: titleContent shall be admissible only if a request for money has been made. He's no payment and/or collection required.

If you cannot access THESEE, you can file a complaint by traveling to the police station or gendarmerie of your choice or by writing to public prosecutor.

In all cases, the complaint must be filed within 6 years from the fact-finding commission.

Répondez aux questions successives et les réponses s’afficheront automatiquement

On THESEE

As a victim of ransomware, you can file a complaint from this online service:

File a complaint for ransomware (THESEE)

Investigators of THESEE: titleContent give you information on the outcome of your complaint, the assistance you can receive (e.g. assistance from a lawyer) and how to obtain compensation.

Warning  

Minors may not lodge complaints about THESEE: titleContent.

On the spot

To file a complaint, you must go to the police station or to the gendarme of your choice.

Who shall I contact

Police or gendarmerie services are obliged to register your complaint if you are a victim of infringement.

The complaint is then forwarded to the public prosecutor for him to decide on what to do next (investigation, no follow-up classification, etc.).

If you don't know the perpetrator, you can fill out a online pre-complaint before you move.

Online Pre-Complaint

Then you need to sign your complaint on-site in the police station or the gendarmerie brigade that you chose.

The police investigation may result in the conviction of the author by the correctional court.

If you constitute yourself civil party, you can get damages.

FYI  

If you are a minor, you can go alone to the police or gendarmerie and report the facts. However, you do not have the right to sue for damages. Your parents must do it on your behalf.

By mail

You must write directly to the public prosecutor sitting on the court of law the place of the offense or the place of residence of the offender the offense.

The letter must specify the following information:

  • Your full marital status (surname, given names, date of birth, etc.) and full contact details (address and telephone number)
  • Detailed account of the facts, date and place of the offense
  • Name of the alleged perpetrator if known (otherwise you should file a complaint against X)
  • Names and addresses of any witnesses to this offense
  • Description and provisional or definitive estimate of the damage
  • Evidence Documents

You can use the following mail template:

File a complaint with the public prosecutor

Your complaint can be sent by registered letter with acknowledgement of receipt, by simple letter or by letter followed.

In any case, a receipt is given to you as soon as the Public Prosecutor's Office has registered your complaint.

Who shall I contact

Subsequently, an investigation is conducted and may result in the conviction of the perpetrator by the correctional court.

If you constitute yourself civil party, you can get damages.

Please note

If you have already filed a complaint at a police station, a gendarmerie brigade or with the public prosecutor, you can report ransomware on THESEE.

The ransomware perpetrator faces a sentence of:

  • 7 years in prison
  • €100,000 of fine.

Who can help me?

Find who can answer your questions in your region