In quick succession, the group of hackers that takes its name from the Lockbit 2.0 ransomware has claimed responsibility for attacks against the town hall of Saint-Cloud and especially against the Ministry of Justice. He threatens to reveal sensitive documents if the ransom is not settled on February 10.
You will also be interested
[EN VIDÉO] What is a cyberattack? With the development of the Internet and the cloud, cyberattacks are becoming more frequent and sophisticated. Who is behind these attacks and for what purpose? What are the methods of hackers and what are the most massive cyberattacks?
Hold the Ministry of Justice to ransom, you have to dare! Hackers did it. At least, that’s what they claim… On Thursday, January 27, the group of hackers named after the ransomware Lockbit 2.0 claimed responsibility for the hacking of the Department of Justice servers, as well as their encryption and demanded a ransom note. If the Ministry does not settle the latter by the February 10 deadline, the pirate threaten to release sensitive Chancellery documents. They would have got their hands on about 10,000 files whose importance is unknown.
The city of Saint-Cloud and the company Études Services Travaux Parisiens et Matériaux (ESTPM) are also part of the list of claims claimed by the group, with the threat of disclosing around 8,000 documents for the first and 3,800 for the second.
For the moment, there does not seem to be any panic on the side of the ministry. There was indeed a security incident according to various sources, but according to experts, only one of the many entities of the ministry could have been impacted. It is therefore possible that this piracy is much less successful than announced and that this claim is essentially a bluff on the part of its authors to create buzz.
Bold attack or buzz shot?
The name of this group comes from malware LockBit 2.0. This fearsome ransomware has been around for a few years and has since evolved in the form of increasingly sophisticated variants or with specialized attributes. It is mainly used for attacks targeted. The ransomware takes the data hostage by encrypting it. To get the key to decryption, he demands a ransom. A classic, proven formula, but it doesn’t stop there.
To ensure getting this ransom, if the victim refuses to pay it, cyber criminals threaten to release the sensitive data they have collected. In terms of how the group works, LockBit is akin to ransomware-as-a-service. This means that it is possible to hire a custom attack and reap the benefits. Then the loot is split between the LockBit developers and the operators.
This is why the group which gate this name is quite informal because it is essentially made up of operators who do not necessarily hunt in packs. In recent months, the hacking actions that his supporters claimed were sometimes much less spectacular than announced. This is why doubt remains about the impact of the attack that affected the Ministry of Justice.
Thus, at the end of 2020, while LockBit 2.0 operators claimed to have hacked Schneider Electric, nothing happened. The leaked data had nothing to do with the firm. In January, the authors of the latest attack dated claimed to have stolen data from Thales. However, these were not strategic. In the end, according to cybersecurity experts, of the 400 claims from LockBit 2.0 operators, around 60 are false or exaggerated. This is why the veracity of the ministry’s attack has yet to be assessed. To see more clearly, given that a ministry is the target of this cyberattack, the sleuths of the National Agency for the Security of Information Systems (Anssi) are on the spot.
Interested in what you just read?