Particularly prolific in data theft and extortion, the group has threatened, on its site, to release hacked data.
La Poste Mobile, a telephone operator belonging to the La Poste group with approximately 1.8 million subscribers, was the victim of a computer attack, the company announced on Friday, July 8, in a statement. “The administrative and management services of La Poste Mobile were victims, this Monday, July 4, of a malicious virus of the ransomware type,” said the company.
Ransomware programs are viruses designed to paralyze the computer system of an organization. The attackers generally start by infiltrating a network, take control of a certain number of devices, then infect the computer fleet of an entity (company, community, hospital, association, etc.) to make it unusable. They then demand a ransom from their victim in exchange for the decryption key needed to restore the files on the affected machines.
Potentially stolen data
The La Poste Mobile site and its customer area are inaccessible for the moment; a message now explains that the operator has been the victim of an attack. “The IT teams of La Poste Mobile are currently carrying out the diagnosis of the situation. The first analyses establish that the servers essential to the operation of customers' mobile lines have been well protected,” promises the group.
The intrusion was claimed on the night of Thursday to Friday by Lockbit, a prolific gang that specializes in ransomware and has recruited a large number of affiliates, accomplices who specialize in computer intrusion.
It is “possible that files present on the computers of La Poste Mobile employees have been affected,” said La Poste in its press release, adding that “some of them could contain personal data”, without specifying which ones. On its site, Lockbit said that it had stolen a number of files from the company, and it has already published three screenshots of what looks like a list of customers, containing surnames, first names, cities, telephone numbers and email addresses.
Like many gangs practicing extortion and data theft, Lockbit has a site on which it publishes, as it goes along, the names of its victims as well as documents stolen during its attacks. As a rule, a countdown is displayed, warning readers, and the victims, that all the exfiltrated files will be published after a certain period of time. This commonly used method serves to put pressure on the attacked companies and push them to pay the ransom demanded.
A few clues about the location of Lockbit's operators and affiliates exist to date. Like much software of this type, Lockbit's ransomware is designed not to infect computers located in Russia or in Russian-speaking countries. In addition, the group's core was active on a Russian discussion forum that is well known in the cybercriminal sphere. These two elements may suggest that group members are at least Russian-speaking, or even operate from Russia or a nearby country.