Files stolen from the Alpes-Maritimes department have been published

The Alpes-Maritimes departmental council was the victim of a cyberattack on the night of November 9 to 10. The hackers demanded a ransom, otherwise they would publish the stolen data

On the night of November 9 to 10, the Alpes-Maritimes departmental council had its computer network hacked.
Ten days later, a group of hackers claimed responsibility for the attack, demanding a ransom or releasing the stolen data.
The hackers actually released part of the files.
There are a few days left at the county council before they release the rest.

They carried out their threat.

The hackers responsible for the cyberattack on the Alpes-Maritimes departmental council have just published some of the data stolen the night of November 9 to 10.

We take stock of the latest elements of this case.

Who are the hackers?

The cyberattack was claimed by a group of hackers called "Play ransomware", a ransomware that takes data hostage.

According to the Zataz site, a cybersecurity specialist, they have been active since June and have been posting their victims since mid-November on the dark web.

They then put the date, the geographical location and the amount of stolen data to push the organizations to pay.

This is why the number of victims constantly varies on the site: some are no longer displayed because they have paid.

For those who do not, the files are broadcast.

As for the departmental council of the Alpes-Maritimes.

What are the motivations of hackers?

According to Gérôme Billois, cybersecurity expert at Wavestone and author of the book

Cyberattack: The underside of a global threat,

this international group would be located abroad and its goal would simply be to make money.

“To imagine, it would be like a group of thieves in a parking lot trying to open all the doors and taking what they can before demanding a ransom in exchange,” he explains.

According to him, "Play ransomware" does not even know French, let alone what the Alpes-Maritimes department is.

“In this case, we are talking about an opportunistic attack and not a targeted one, specifies the expert.

Hackers look for targets, enter the system and then demand money.

What has happened since the cyberattack?

Ten days after the hacking of the departmental council's computer network, which took place on the night of November 9 to 10, "Play ransomware" threatened the community to make 13 GB of the 292 stolen available for free if it did not pay a ransom.

Without a response from this one, the data has indeed been published on a free and public server and can be downloaded by anyone.

The hackers have issued a new ultimatum to the department.

He only has four days left to pay.

The ransom amount was not disclosed.

For Gérôme Billois, “the amounts can be very high, thousands of dollars, then decrease according to the intention to pay or not.

The hackers of the cyberattack which affected the computer network of the department of Seine-et-Marne, claimed ten million dollars.

But the expert recalls: “The doctrine of the French government is clear on this, we do not pay the ransoms.

What do these documents contain?

The documents, now accessible to all, relate mainly to personal identity papers, the life of the citizens and the administrative data internal to the community.

According to

Nice-Matin

, these are photocopies of passports, slips, gray cards but also files concerning colleges in the Alpes-Maritimes or even notes intended for the president of the department Charles Ange Ginésy.

"Usually, ransomware groups distribute files on the dark web," says Gérôme Billois.

If these data are so accessible, it is to put maximum pressure on the organization.

And on the side of the county council?

Contacted by

20 Minutes,

the departmental council did not respond to requests on the subject.

During the plenary session of November 25, reported by the local daily, the department had specified that the authors of the cyberattack had succeeded in “penetrating the systems by private access by usurping the identity of an agent”.

Charles Ange Ginésy also added that “the exfiltration of non-strategic office files” represented “0.1% of the overall volume of community data”.

The president had thus assured that the “consequences had been limited” while “the hackers had tried to reach the vital elements of the network, such as the company directory or the backups, in order to compromise them to cause the maximum damage. ".

He had, a week after the facts, requested “collective action” from the association of departments of France to “improve the processes for identifying cyberattacks and the response and crisis management processes during an attack”.

As of November 10, a complaint was filed.

An investigation is underway and a report to the CNIL (National Commission for Computing and Liberties) has been filed.

The hackers risk up to seven years in prison and a fine of 300,000 euros.

What consequences?

Behind this attack, “there are collective consequences, which directly affect the general public”, indicates the cybersecurity expert.

These documents are indeed "sensitive and very personal" which malicious people could take advantage of.

Especially since "this kind of investigation is complex, long and requires international cooperation" as the pirates are "never located in the country", explains the expert.

But it is possible, two weeks ago, a hacker was arrested in Canada.

Company

Alpes-Maritimes: The departmental council under fire from a "cyberattack"

Miscellaneous facts

Nice: What we know about the cyberattack of the Alpes-Maritimes departmental council

Company
Paca
Nice
cyberattack
hacker
Piracy