After the attack, blackmail. The group of hackers who managed to infiltrate Thursday into the IT system of the Bouygues Construction group is trying to extort the construction giant.
“A ransomware or ransomware-type virus attack was detected on the Bouygues Construction computer network on January 30. As a precaution, the information systems have been shut down in order to prevent any spread, ”the group confirmed in a press release issued on Friday afternoon.
Cybercriminals did not leave empty-handed, according to several sources.
Private employees of internal software
The cyber attack targeted the servers hosting confidential data. The attackers allegedly managed to take possession of the documents before the group's technical teams cut off access to the entire computer system to fill the leak.
“The equipment is gradually being put back into service after being tested. The operational activity of the sites has not been disturbed to date ”according to the communication from the group present in 80 countries.
As of Friday afternoon, the thousands of employees in the construction group still had no access to internal software or their professional mailboxes.
“No more services are working. Our sites are blocked because of orders that cannot be placed. The accounting management software is also stopped: there is no payment from subcontractors or customers, ”said an employee based in the United Kingdom.
Newsletter - The essentials of the news
Every morning, the news seen by Le ParisienI'm registering
Your email address is collected by Le Parisien to allow you to receive our news and commercial offers. Find out more
"It seems that the situation will not improve in the coming days, we have had confirmation from the technical services," he said.
The ransom track is confirmed
Another internal source confirms that the heads of service were informed by the headquarters of an ongoing computer ransom operation. The hackers contacted the company and provided evidence, such as screenshots, stolen data, the source said.
Damien Bancal, Cyber Intelligence director of the cybersecurity start-up 8Brains, assures us that he was able to chat with hackers. He gives us a ransom figure, but, not having been able to match it, we will content ourselves with evoking a range of several million euros.
"They also assured that if they were not paid, all the content of the servers would be made public and that Bouygues Construction would ruin itself in lawsuits," said this sector reference.
The extortion technique is unfortunately well proven: cybercriminals demand a large sum of money in exchange for the non-disclosure of commercial data which are obviously sensitive. This data blackmail technique affects more and more companies from the top ten of the CAC 40 to SMEs.
A fashionable attack technique
Guillaume Poupard, boss of Anssi often called to the rescue for his technical expertise, feared during his assessment of 2019 "the rise of cybercrime which affects infrastructure with national security impacts".
If the list is kept secret, a group with a market share as large as Bouygues Construction is one of the Essential Service Operators defined by law. He is therefore obliged to report the incident to the authorities, who can then provide him with technical support to close the security holes and restart his information system.
In May 2019, the network of a Canadian subsidiary of Bouygues Construction had already been compromised by the Ryuk ransomware that had encrypted its Windows servers, according to the Anssi annual report.