One of the most active hacker groups of the moment, Sodinokibi / REvil, has just made a new French victim.
SIPLEC, importer, among others, of fuels and textile products from the Leclerc group, is the target of an extortion attempt after having suffered a ransomware-type cyberattack and a potential theft of internal data.
“Siplec confirms that it was the target of a cyber attack on the night of November 7 to 8, 2020. The company's information systems were immediately isolated and a crisis unit, made up of internal and external experts, was called up. has been triggered, ”explains this international purchasing center which supplies 804 group brands throughout Europe.
“All the specific security procedures necessary have been implemented to ensure the non-compromise of the servers and the recovery of control of the entire system has been ensured.
The activities of SIPLEC were able to restart on Monday, November 9, ”tries to reassure the company with 330 employees and € 13 billion in turnover.
Specialized in attacks against large targets, the hackers claimed responsibility on Wednesday for their act and threatened on their blog hosted on the Dark Web to auction the siphoned information.
The E.Leclerc group did not recognize the data theft: “an assessment is underway to identify the impact of this attack on any destruction or loss of data.
This assessment should be finalized within 8 days.
"
But Sodinokibi's current methods leave little room for doubt.
"These attackers apply the double penalty: encrypt the victim's systems and data and exfiltrate the information they are going to resell or use them as a means of blackmail for ransom," analyzes Julien Billochon, cybersecurity expert at Cybereason.
Newsletter - Most of the news
Every morning, the news seen by Le Parisien
I'm registering
Your email address is collected by Le Parisien to enable you to receive our news and commercial offers.
Learn more
“Since the start of the year, this type of organization has specifically targeted large companies after recognition and social engineering work that allows them to strike harder and more deeply,” assures the expert.
A group of Russian-speaking pirates
And sends a prevention message: "The attachments used to spread the software that infect computer networks now come from recognized email addresses or very close to the real ones.
A simple email exchange is enough to open a corrupted Excel file ”.
At the end of September, SIPLEC had also alerted its suppliers that cybercriminals were using fraudulent email addresses to usurp the identity of buyers and send fake purchase orders to hack them.
The group that operates the "ransomware" Sodinokibi is known for its Russian-speaking hackers who refuse to attack companies in countries of the former Soviet bloc, according to the latest report on the threat from Anssi.
Already strongly suspected of being behind the attack on video game publisher Capcom, they also refuse to share their attack capabilities with English-speaking partners, which complicates their infiltration by security services and de facto their dismantling.