“The investigation that we have carried out has not found any data leaks to date”, assured a press release from the Department of Ardèche after a cyberattack which has paralyzed – since Wednesday at least – the internal computer system, according to information from France. Blue. The group of cybercriminals operating the Lockbit 2.0 malware seems to have a different opinion and made it known this Friday on its Darknet claims site. An ultimatum until next Tuesday accompanies their ransom demand not to publish the siphoned data.
Already behind resounding cases of data blackmail having affected Thales, Accenture or TransDev, the group of Russian-speaking hackers claims this time to have carried out a successful cyberattack – with data extraction at the key – against the territorial community of Rhône-Alpes. The incident affects all the services which depend on it such as the colleges and the remediation is in progress according to the Dauphine Libéré.
Well-known to cybersecurity experts for two years, Lockbit 2.0 has specialized in extortion with a radical method and computer and server encryption tools designed to avoid systems that use the Cyrillic alphabet. “They do not offer to decrypt the data in exchange for cryptocurrencies like other ransomware, their software is a “wiper” which deletes everything”, details Guillaume Maguet, technical director of Deep Instinct, a cybersecurity company specializing in prevention. But they then enter into a negotiation via their platform on the DarkNet with the victim to prevent the precious files from leaking on the Internet.
They also have a reputation for exaggerating the extent of their loot and bluffing like when they claimed an attack on the Ministry of Justice by waving some documents stolen from a Norman law firm. In any case, local authorities and companies are instructed never to pay a ransom in order not to feed this mafia system.
This cyberattack also sounds like a wake-up call. “The other groups of computer hackers are not at a standstill in the current context of war in Ukraine”, underlines Yannic Lecomme, director of cybersecurity programs at Sopra Steria. “They even take advantage as never before that all the lights are shined on the groups of hackers who have given their support to Russia” highlights the expert.