LockBit, these Russian-speaking hackers who regularly target France

Several thousand customers of the Voyageurs du Monde agency saw their passport information leaked on the Internet on Tuesday, May 30. Victim of a cyberattack in mid-May, this travel agency refused to pay the ransom demanded by hackers from a group called Lockbit. In retaliation, the latter published the data of more than 8,000 customer passports on their site, available on the dark web.

A preliminary investigation was opened in the process, confirmed the Paris prosecutor’s office on Tuesday June 6, in particular for extortion in an organized gang.

Several cyberattacks in France

LockBit is not at its first attempt. Named after the eponymous software created in September 2019, this group of Russian-speaking hackers has carried out numerous cyberattacks on French companies or communities in recent months. LockBit was notably at the origin of computer intrusions within the Thales electronics group, in January 2022, La Poste, in July of the same year, the Corbeil Essonnes hospital, in September or even the company of luxury Nuxe in January 2023.

Some foreign companies have also been the target of these cyberattacks, such as the Royal Mail (British Post) or the Canadian bookstore chain Indigo Books & Music. In March, hackers attempted to attack a subcontractor of Elon Musk’s company, Space X, threatening to reveal sensitive data. According to cybersecurity group NCC group, LockBit is believed to be behind the highest number of “ransomware” attacks in 2022 – 846 in total.

Ransomware

With each cyberattack, hackers use the same modus operandi, that of “ransomware”. This type of software allows cybercriminals to download sensitive data to encrypt it. All that remains is to claim a sum of money in exchange for the recovery of this data. Ransomware can also temporarily block access to a server or website.

LockBit is constantly improving its tools: after a 2.0 version developed in 2021, the group now claims to be “LockBit 3.0” since the development of new IT capabilities, identified in June 2022. The group of hackers also practices the “bug bonus” , which consists of remunerating Internet users capable of detecting flaws in the hacking software.

Hackers russophones

Lockbit is therefore made up of independent hackers, whose founders claim to have been born in former republics of the USSR. According to statistics from the American company Chainalysis published in February 2022, 74% of the money earned by ransomware attacks in 2021 ” ended up in the hands of pirates in Russia ».

These cybercriminals thus spare the Russian power and its allies from their attacks, which in exchange tolerate their activity. The group, however, claimed responsibility for the cyberattack of the Hong Kong branch of the Chinese newspaper China Daily in May 2023, a first.