This is yet another sign of the limitless cynicism of opportunistic hackers.
The Everest cybercriminal gang has been listing Charlie Hebdo as a victim of its ransomware on its Darknet claim site since at least Monday.
Except that the satirical newspaper was not hacked but is a collateral victim of a cyberattack in the spring against a Parisian law firm, one of whose clients was registered as a civil party in the trial of the attack committed by the Kouachi brothers in January 2015.
The hackers are trying to force the victim's hand and extort a cryptocurrency ransom, following the double-extortion pattern that has been well known for almost two years.
The criminals break into the computer system and then paralyze it by encrypting the servers just after having exfiltrated the most precious data.
The blackmail phase then begins.
Everest attempted to sell the victim the decryption key needed to access their data again.
But if the victim refuses to pay, they activate a second lever: the threat of publishing the siphoned data or reselling it to the highest bidder.
A Charlie Hebdo file among thousands
The crooks had published a broader claim earlier and claimed to have recovered 820 GB of sensitive data such as reports of police hearings, medical examinations and exchanges between the anti-terrorist prosecution and the police officers of the Anti-Terrorist Sub-Directorate (SDAT).
Hackers quickly spotted the potential of one high profile case in particular, Charlie Hebdo, whose name is known worldwide after the wave of emotion sparked in 2015.
Everest claims to have 21 GB of data in its possession, or 1,106 folders and nearly 21,000 files.
They set a first sale price of $50,000, according to the information we have been able to consult.
The stolen files are hosted on a Ukrainian storage service.
No sample is currently downloadable, as is often the custom in these extortion attempts.
Objective: to push the victim to outbid to avoid dissemination.
But the first items, including a photo of the crime scene from the investigation file, are reportedly circulating on hacker forums, according to France Info.
An investigation directed by the J3 cyber prosecutor's office of Paris has been underway since July 1 and has been entrusted to the cyber police officers of the PJ of Lyon and of the Central Office for the Fight against Crime Related to Information and Communication Technologies (OCLCTIC).
It has already resulted in the arrest and indictment, according to a judicial source, of a man who wanted to play the financial intermediary between the law firm and the group of hackers.
A judicial investigation was opened against him on November 14 for "fraudulent access and maintenance in an automated data processing system, hindering the operation of such a system, extortion by an organized gang and criminal association".