A cybercriminal accused of several ransomware attacks in France acquitted on a procedural error

by time news

2023-09-01 01:44:01
PyLocky is a ransomware that appeared in 2018. NICOLAS SIX / LE MONDE

The error, tucked away in the court citation, ended up producing a twist. Late in the evening of Thursday, August 31, the 13th correctional chamber of the Paris judicial court acquitted Hamza B., a 35-year-old Algerian national accused of being behind several ransomware attacks on French territory. At issue was a lack of precision in the facts of which he was accused: the justice system got the name of the malicious software he was alleged to have used wrong.

This twist adds to a case that was already highly unusual. The story dates back to the summer of 2018, practically the last century in the world of ransomware, the malicious tools used to infect computers and computer networks, encrypt victims’ files to make them inaccessible, and demand a ransom in exchange for the key needed to recover the data.

At the time of the events, several French entities, including notarial firms but also prisons, were targeted and infected by PyLocky, a very rudimentary piece of software compared with what exists today. Among the victims, targeted by mass mailings of e-mails containing malicious links, were the penitentiary centers of Orléans-Saran, Bourg-en-Bresse and Varennes-le-Grand, as well as the Lyon judicial court.

Sentenced in the United States

The investigations, initially launched following a complaint from Derichebourg and carried out by the Information Technology Fraud Investigation Brigade of the Paris Police Prefecture (Befti, today BL2C), then led to Hamza B., who was already imprisoned in the United States in a cybercrime case. According to the specialized site ZDNet, while examining a mail server used for the attacks the investigators discovered an address linked to the defendant’s brother and, in other elements of the file, IP addresses geolocated around the prison where he was detained at the time.

Hamza B., previously known by the pseudonym “BX1”, had been convicted and imprisoned in the United States for having led, in the early 2010s, waves of hacking based on two infamous pieces of malware: SpyEye and Zeus, two “banking trojans” designed to infect computers and steal credentials. These tools are generally distributed to other hackers, who can in turn carry out attacks, most often very broad ones, based on networks of infected computers.

“BX1” was not directly the developer of these tools, but he was not just any user either. According to an American court document, he had built a very large network of infected computers (a “botnet”), which he used to infect other machines in cascade and deploy, among other things, banking malware. Screenshots of his posts on the Darkode discussion forum, now closed but at the time a favored meeting place for some cybercriminals, show that he advertised his services to other hackers, including the sale of networks of compromised computers. When he was arrested in Thailand in 2013, American investigators seized the stolen banking data of more than 200,000 people from his storage media, as well as elements relating to a site he was suspected of using to resell these stolen credentials.

Twists at the hearing

The French trial of Hamza B., initially scheduled for May, had been postponed against the advice of the prosecution. The hearing was therefore finally held on Thursday, August 31 in Paris. The defendant attended by videoconference from his prison in Arizona. The seven hours of hearing, marked by numerous interruptions, were devoted to the multiple procedural challenges raised by the defense lawyers, Maîtres Raphaël Chiche and Jérémie Nataf, who notably stressed that they had not had the time needed to confer with their client before the hearing, in a highly technical and complex case.

They explained, for example, that they had had only forty-five minutes of videoconference with Hamza B., in the presence of a member of the American prison administration, and added that the defendant had not been able to receive the case file sent to him by his lawyers, the postal parcel having been returned to the sender. Two priority questions of constitutionality, also raised by counsel, were dismissed.

Finally, as the court prepared to discuss the facts, Hamza B. was surprised, while listening to the summary of the facts, to hear the name of the PyLocky ransomware, whereas the court citation referred to another piece of malware, called JobCrypter. The prosecution claimed a clerical error, but after a final suspension, the court pronounced the acquittal and dismissed the civil parties.
