At the origin of more than half of ransomware attacks in France between April 2022 and March 2023, according to the company Malware Bytes, the gang of cybercriminals LockBit has struck again in France.
The mafia gang, which is preparing to also attack MacOS terminals, has just pinned the BRL Group, a water specialist in the Occitanie region, to its hunting list.
Despite a “high level of security of its computer systems”, this company reported having been the victim of a computer attack by ransomware on the night of Thursday March 23 to Friday March 24, 2023. “This intrusion which occurred during the night was intended to objective of encrypting and extracting data from our information systems”, underlines the company.
However, the cyberattack did not affect “the continuity of the water service and the performance of our operating missions”, she specifies. The cybercriminals have set the end of their blackmail on April 21.
Small enterprises
The Nîmes company is not the only French organization to have ended up on the site of LockBit cybercriminals. The gang claims to have recently hacked the industrial specialist in waste treatment Séché Environnement, one of the big players in the sector. The company confirmed to Zdnet the cyberattack, specifying that the rapid action of the internal teams had made it possible to “preserve our industrial information system and to limit the consequences as much as possible”. But also a myriad of small businesses, from a supplier of agricultural machinery to an accounting firm and a specialist in boilermaking.
This broad targeting illustrates the findings of industry experts, who note that beyond large enterprises, ransomware cybercrime also heavily affects smaller organizations deemed more vulnerable by attackers.
Hunting table to be taken with caution
This high activity of LockBit cybercriminals is also explained by their form of organization. The gang, which specializes in double extortion – the ransom is used either to decrypt files or to avoid the publication of internal data on the internet – indeed operates in the form of a criminal franchise. Affiliates can take advantage of its infrastructure to launch attacks by leaving a percentage of their earnings to the ransomware developers.
However, LockBit’s hunting roster should be taken with caution. Out of ignorance or boastfulness, cybercriminals have already wrongly claimed to have hacked into organizations. A few days ago, LockBit claimed to have hacked cybersecurity specialist Darktrace. An ad that ultimately turned out to be bogus.