Since Wednesday April 6, the Department of Ardèche has been the victim of a cyberattack, which for the moment has consequences mainly on office work in departmental services. The attack was claimed by a Russian-speaking cybercriminal group, Lockbit 2.0, on Friday.who demanded a ransom within three days. “The purpose is simple: I steal information from you, and if you don’t want me to broadcast it, pay me!” laid Damien Bancal, cyber-intelligence specialistauthor of the zataz.com blog, contacted by France Bleu Drôme Ardèche.
What to steal from a Department?
For Damien Bancal, the Department of Ardèche is one target among others. “Hackers today attack a department like they would attack a clinic or a company or an individual. Their mission is to infiltrate and steal data, and then blackmail”.
Everything is resold. It’s not just bank details that interest hackers – Damien Bancal, cyber-intelligence specialist
The Department of Ardèche does not officially communicate for the moment on this ransom demand and on the nature of the stolen data. Precision however, this Monday, April 11: the technical investigations started from the first days. Cyber-security experts support the Ardèche IT teams. “Let’s be honest: the Department will not pay. Even if we are a company or an individual, we do not pay. Because we are dealing with criminals” assures Damien Bancal.
It can be photos, text files or processing of human resources or accounting. The risk is to be forced to wait for the moment when they will broadcast it, in spaces dedicated to hacking.
Does the Department of Ardèche have interesting data for hackers to steal? “Unfortunately yes” emphasizes the specialist, who speaks of a “malicious marketing”recalling that everything is sold. “If it’s just email addresses, it will be able to be used for fishing, phishing, or attempted fraud by email. Are there phone numbers? Good for them, _they will be able to send trapped sms_“ he continues. “They then have personal and private data; everything is resold, it’s not just bank details that may be of interest to hackers.” So even without a ransom, by spreading the stolen data, hackers will earn money. These are resold on the “black market”cyber-markets of stolen data.