Data theft: hackers try to blackmail Conforama

by time news

A ransomware operator has announced that it carried out a cyberattack against the Conforama group, we learned on Thursday. In a claim notice posted on its blog and dated November 6, the hacker group ALPHV, also known as BlackCat, said it had stolen more than one terabit of data from the furniture distributor.

To put pressure on the company, the hackers released a sample of the stolen internal documents on the Darknet. The sample includes invoices, contracts and accounting records, according to the extracts we were able to consult. “Conforama has 48 hours to contact us in order to have a chance to recover your data and protect your customers from a leak”, ALPHV warns in its note.

ALPHV letter of claim. DR

Contacted on Thursday by Le Parisien, Conforama France says that the stolen documents, which date from 2015 to 2019, come only from the Spanish and Portuguese subsidiaries. The French group says it has not suffered a cyberattack, but has launched an internal investigation to verify this.

According to the initial findings of this investigation, no ransom note was found and none of its servers was encrypted. Conforama France also states that it does not keep customer data such as contact details or bank card imprints.

Double – or even triple – extortion

This is not the ALPHV hackers' first attempt. First seen in November 2021, the group gained traction after another similar network, REvil, was taken down by Russian authorities last January. “Alumni of REvil were scared when they saw some of their members arrested and migrated to ALPHV,” explains Pierre-Antoine Failly-Crawford, head of the incident response team at Varonis, a data security and analysis provider.

The group operates as “ransomware-as-a-service” (RaaS): the malicious software that encrypts the victim's files is developed by the group and rented to affiliates, who hand over part of their proceeds after an extortion. The arrangement is lucrative for these affiliates, since their share goes “up to 90% of the total amount collected on a ransom”, the expert says.

ALPHV can practice double extortion, as it currently claims to be doing with the Spanish and Portuguese subsidiaries of Conforama. In summary: the hackers infiltrate a system, access as much sensitive information as possible, then copy the loot to their own servers before encrypting the stolen data, forcing the victim company to pay a ransom if it wants to recover its documents. These cybercriminals can also carry out a triple extortion: after stealing and encrypting the data, they take the victim company's public platforms offline by saturating them with connections.

Several organizations in various sectors and countries have already fallen victim to ALPHV cyberattacks, “such as Australia, the Bahamas, France or even Germany”, says Pierre-Antoine Failly-Crawford. Depending on the profile of the targeted company and the amount of data stolen, the hackers usually demand between 400,000 and 3 million dollars in ransom.
