In the area of cybercrime, groups come and go on a regular basis.

While the group behind the REvil ransomware is currently facing numerous arrests, ANSSI researchers have just identified a new group, which they call Lockean.

The National Information Systems Security Agency (ANSSI) says it discovered this group after noticing several points in common between the attacks on the pharmaceutical companies Pierre Fabre and Fareva and the newspaper Ouest-France.

A group active since 2020

Over the past year and a half, the group has reportedly compromised the networks of at least eight French companies.

Lockean's activity was first noticed in 2020, when the group hit a French manufacturing company and deployed DoppelPaymer ransomware on its network.

Between June 2020 and March 2021, Lockean then attacked at least seven other companies with various RaaS (Ransomware-as-a-Service) families like Maze, Egregor, ProLock or REvil.

In most of the attacks described in the ANSSI report, the group obtained initial access to the victims' network through Qbot.

Also known as QakBot, this Trojan spreads other malware, including the ProLock, Egregor, and DoppelPaymer ransomware strains.

Qbot mainly spread through emails from the now defunct Emotet botnet.

In at least one known case, Lockean used the IcedID malware delivery service to gain access to the network.

A modus operandi based on double extortion

ANSSI also notes that when a ransom is paid, Lockean retains on average only 70% of it.

The remainder goes to the developers of the RaaS.

To increase its profits, the group therefore opted for the double extortion model.

This consists of putting pressure on the victim by exfiltrating their data before encrypting it, then threatening to publish it on a website in order to get the ransom paid.

This threat of a data leak, which has wider implications, makes victims more willing to pay a ransom.

Lockean is the second ransomware affiliate identified this year.

In August, the FBI shared information about OnePercent, an actor that has struck organizations in the United States with various strains of ransomware.
