Very bad surprise for the specialist in gift boxes.
Wonderbox was the victim of a ransomware-type cyberattack at the end of January after siphoning off its servers… according to the Darkside hackers.
The company refuses to confirm the extent of the damage but confirms that it has received a ransom demand.
“The Wonderbox Group was the subject of an attempted Darkside ransomware cyberattack on January 30, 2021. The intrusion was detected by the Group's IT department, making it possible to prevent the theft of important data.
The incident therefore had no impact on our systems and data, ”says Mickaël Lenoir, its Director of Information Systems.
Hackers threaten to leak data
“Our teams were able to continue working normally.
Cybersecurity is in our minds on a daily basis to improve its efficiency more and more, ”he insists.
As has become almost systematic since 2019, cybercriminals have yet claimed the intrusion and theft of data on a dedicated DarkWeb site.
They claim to hold 30 GB of data, including financial documents and personal information of which they give a sample with a screenshot.
And send a threatening message: "The data is pre-loaded and will be automatically published if you do not pay".
The hacker group published a sample of the stolen data.
DR / LP
Less known than the rival cybergangs, Egregor or REvil, the Darkside group started to be talked about last summer.
It operates like its competitors a "ransomware-as-a-service", that is to say that the malicious software, developed by them and which encrypts the victim's files, is rented by affiliates who donate a part of their booty after an extortion.
They usually hunt big fish that can afford to pay hundreds of thousands of dollars claimed in virtual currencies.
"They are also known to have quickly undergone a response from the cybersecurity company Bitdefender which made available to victims a decryption tool but they reacted quickly to update their ransomware", points out David Bizeul, the technical director of Sekoia, a cybersecurity company.
The origin of these cybercriminals remains uncertain.
They often communicate in Cyrillic on Russian-speaking hacker forums and use Iran-based servers to store data stolen from their victims.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/KLSYQ32RGZFXLNNDYPWLUR2EWE)
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/2C5HI6YHNFHDLJSBNWHOIAS2AE.jpeg)
