La Poste mobile, a telephone operator belonging to the La Poste group and with approximately 1.8 million subscribers, was the victim of a computer attack, the company announced on Friday July 8 in a press release. “The administrative and management services of La Poste Mobile were victims, on Monday July 4, of a malicious ransomware-type virus”the company said.
Ransomware are viruses designed to cripple an organization’s computer system. The attackers generally start by infiltrating a network, taking control of a certain number of devices, then infecting the computer equipment of the entity (company, community, hospital, association, etc.) to render it unusable. They then demand a ransom from their victim in exchange for the decryption key to restore the files of the affected devices.
Potentially stolen data
The La Poste mobile site and its customer area are currently inaccessible, a message now explaining that the operator has been the victim of an attack. “La Poste Mobile’s IT teams are currently diagnosing the situation. The first analyzes establish that the servers essential to the operation of the mobile lines of the customers have been well protected “promises the group.
The intrusion was claimed overnight from Thursday to Friday by Lockbit, a gang very active in ransomware and which recruits accomplices specializing in computer intrusion.
He is “it is possible that files present in the computers of employees of La Poste mobile have been affected”explains La Poste in its press release, adding that “some of them may contain personal data”, without further specifying which ones. On its site, Lockbit for its part claimed to have stolen a number of files from the company, and has already released three screenshots of what looks like a list of customers, containing names, first names , cities, phone numbers and email addresses.
Like many gangs involved in extortion and data theft, Lockbit has a site where it continuously publishes the names of its victims, as well as documents stolen during its attacks. Normally, a countdown is displayed, warning readers, and victims, that all hijacked files will be released after a certain period of time. This commonly used method is used to put pressure on the attacked companies to pay the demanded ransom.
Few clues to the whereabouts of Lockbit operators and affiliates exist so far. Like many such programs, Lockbit ransomware is designed to not infect computers located in Russia or Russian-speaking countries. In addition, the core of the group has been active on a discussion forum in Russian well known in the cybercriminal sphere. Two elements that may suggest that members of the group are at least Russian-speaking, or even operate from Russia or a close country.
#Poste #mobile #victim #ransomware #attack #claimed #Lockbit #group
