This network had caused some 200 French victims. This Tuesday, February 20, the British Crime Agency (NCA) announced the shutdown of LockBit, a notorious cybercriminal network. Presented as “the most harmful” in the world, the group was dismantled during an international police operation.
The Paris public prosecutor, Laure Beccuau, specified in a press release that her anti-cybercrime section (J3) had participated in this operation on February 19. The FBI, Europol and a coalition of agencies from several countries also intervened with the aim of “taking control” of LockBit’s services and “compromising their entire criminal enterprise”.
And if the Paris prosecutor’s office, initiating an investigation in 2020, is so involved in this operation, it is because France is a major target. According to the 2022 data from Anozr Waya start-up for protection against cyber risks, France is the second country in Europe most affected by ransomware – a virus or malicious software encrypting computer data.
Increase in LockBit’s presence in France
At the same time, according to a report from the National Information Systems Security Agency (ANSSI), 27% of ransomware cases handled by the institution have been attributed to the LockBit group over the past two years. “It should be noted a strong increase in the presence of LockBit in France in 2022 and 2023,” says the agency. In fact, 10% of cyberattacks were attributed to them in 2021, and 2% in the second half of 2020.
Hospitals, town halls, businesses… “In France as in Europe, the most targeted companies are VSE-SMEs and public sector companies,” says the Anozr Way platform. Starting with the La Poste Mobile site which, in July 2022, was under maintenance for several days, preventing its 1.8 million customers from accessing a whole range of services, such as activating their SIM cards. or access to their invoices. An attack claimed by LockBit.
In September of the same year, the network claimed responsibility for the cyberattack which paralyzed the Sud Francilien hospital in Corbeil-Essonnes (CHSF). The computer attack had made all of the hospital’s business software and storage systems inaccessible. LockBit then threatened to release all data, particularly medical data (care card, medical history and diagnosis of its patients).
A few months later, in December, it was the turn of the Versailles hospital center, located in Chesnay-Rocquencourt (Yvelines), to suffer the same type of attack. As a reminder, in France, the law prohibits public establishments from paying a ransom, whatever the context.
$120 million in ransoms
In addition, in November 2022, the Thalès group saw an archive of 9.5 gigabytes of data leaked on the LockBit site. These documents notably mentioned a project by Thalès and the company Novatis Resources, based in Malaysia, to set up aerial surveillance tools for the Malaysian airport of Kota Kinabalu, as reported The world.
Added to this is the attack on the French agency Voyageurs du Monde, with nearly 10,000 passports of the agency’s clients published online. A preliminary investigation was opened on May 30 by the Paris prosecutor’s office.
Worldwide, according to the NCA, LockBit has caused some 2,500 victims, like the aircraft manufacturer Boeing or the Japanese space agency. The network collected more than $120 million in ransoms in total, according to the United States.