Pirates are playingliar poker“, affirmed Sunday September 25 on franceinfo Damien Bancal, journalist, specialist in cyberdefense and cyber-intelligence and editor of the site Zataz.com, while the group of Russian-speaking hackers Lockbit 3.0 which orchestrated a cyberattack by encryption against the South Hospital Center Francilien de Corbeil-Essonnes (CHSF), began disseminating data on Friday, September 23. For hackers, “everything is sold and everything is bought“, emphasizes Damien Bancal. Their “main mission is to get money“.
franceinfo: Is it a standoff that is being played out between the hackers and the management of the Corbeil-Essonnes hospital?
Damien Bancal: It is exactly that. One could even say arm wrestling and lying poker. Hackers have known this all along: any company that doesn’t pay for their malice will end up with all of the data that may have been exfiltrated, released as a free sample that will show other companies that may have been infiltrated, that if they never pay, they will end up exactly the same with their data which will be broadcast.
Getting your hands on administrative and medical data, is that the heart of hacking?
We are dealing with hackers who have invented what I call ‘malicious marketing’. When they have infiltrated and blocked the company – the hospital center in this case – they say to themselves, we are blocking everything and we will be paid for the unblocking. Except that they added malevolent blades to their Swiss army knife. If the company does not pay for the unblocking, it may pay for the fact that these pirates do not disseminate the information. And if ever the company does not pay this second demanded ransom, they will receive money, either by broadcasting for free as a sample, which will scare other companies. Either outright, they will resell, they will redistribute to other pirate colleagues and partners, whose main mission is to earn money.
A medical x-ray, an exam result, what is that worth to hackers?
For computer hackers, everything can be sold and everything can be bought. We are dealing with a database in which we will be able, for example, to find an email address. This will be resold to hackers who will orchestrate phishing attacks, pretending to be health insurance, for example. With phone numbers, they will be able to receive and send text messages from health insurance or other fake entities. This will allow these hackers and their colleagues to monetize these databases they want.
Once this data is in the hands of hackers, there is nothing more you can do about it?
Therein lies the big problem. We know that we have very competent people, for example at the C3N (Center for the fight against digital crime), the gendarmerie, who are working on the subject. But from the moment the data has leaked, this data is permanently lost. They are in the hands first of these hackers, the first-time buyers. Except that when they broadcast, we have lots of little leeches that stick to the data they broadcast for free, pirate leeches that will extract the information that interests them. And they’re going to use them in three weeks, six months, a year. This data will continue to live in the hands of hackers, even after I die.
These Russian-speaking hackers, this Lockbit 3.0 group, are they known, are they spotted?
They are only too so they act. A very concrete example. Since the case of Corbeil-Essonnes, they have more than 150 other victims in their bag of malicious. We know them, because they communicate a lot, because they are easily reachable. We can talk to them. That’s what’s absolutely crazy. They have set up after-sales services. Now, to know where they are… If they are in the depths of Russia, it will be very complicated. Today we are clearly dealing with piracy that is well established, because they invented malicious marketing. They communicate. We have hackers who are not even afraid to phone their victims or even phone the business partners of the victims they have infiltrated. They are capable of anything because they know there is money. A small figure that I took out of our own research: out of 170 companies in the world hacked and communicated in recent days, 42 have already paid.
Has the number of hacks for ransom increased sharply in France lately?
It exploded. Just the example of Lockbit, this famous group with the hospital center, in one week, it already displayed fifteen other new French companies that it had infiltrated, and therefore exfiltrated into information that they could have stolen.