No end of year truce for cybercriminals.
Victim of a major cyberattack during the Christmas weekend, the city of La Rochelle (Charente-Maritime) received a very bad greeting card.
The Russian-speaking group Netwalker claimed responsibility on its blog on Monday for the attack on IT services and especially the theft of data, of which it published a sample accompanied by a two-week countdown.
Objective: to put pressure so that the municipality pays a ransom in virtual currency in order to recover this data or the criminals will publish the stolen files.
/
The data siphoned off and exhibited by hackers covers the various museums in the city and municipal projects or decrees.
In a press release, the port city recognized last week "a cyberattack suffered by the networks of the City of La Rochelle and the Agglomeration on December 27" and praised the responsiveness "of the agents of the shared IT department disconnected very quickly the two networks and thus avoided the proliferation of the attack ”.
Too late, the cybercriminals had apparently already looted the servers.
Morning essentials newsletter
A tour of the news to start the day
Subscribe to the newsletterAll newsletters
"They succeeded in breaking into 30 of our 150 servers and they left behind a note explaining how to pay the ransom", detail the IT services of La Rochelle, contacted by Le Parisien-Today-en-France.
"We do not know exactly what they took and we have no proof for the moment that they have important data" assure the technicians working with the support of Orange Cyberdefense.
La Rochelle refuses to pay
The municipality does not intend to pay the ransom and has a "healthy backup in order to restore data that we have not, in any case, lost".
If the publication threat is carried out, the city's data protection officer (DPO) would contact the Cnil and the persons concerned, as required by European law.
La Rochelle has already lodged a complaint with the judicial police in charge of a long and tortuous online investigation to find the operators of Netwalker.
More discreet but just as effective as its cousins DoppelPaymer, Egregor or REvil, the Netwalker crypto-software is part of the Malware as a Service (Maas) family, the most widely used rental malware at the moment.
A flourishing business
Network thinkers have designed malware that can encrypt - cripple - a computer network while exfiltrating valuable data.
Small hands "rent" and then operate the malware, resell their loot to other hackers or extort the victim and donate a percentage of their profits to the creators of the ransomware.
"They impose a deadline for the victim to pay and they are also known to add a layer of psychological threat by sending their victims an analysis report of their computer systems a few days after their intrusion", decrypts Grégory Cardiet, technical director of Vectra, American specialist in cybersecurity.
“The attackers want to prove that they are still in control despite the intervention of disinfection specialists.
It is a sales technique for them which works because the victims pay more often ”underlines the cyber expert.
Several town halls in Ile-de-France, large companies such as Bouygues Construction or Ubisoft and SMEs are the target of these sophisticated attacks made accessible to a growing number of hackers last year and which will unfortunately continue to surge in 2021.