The Alpes-Maritimes department falls victim to a data leak


A major setback for the Alpes-Maritimes department. The local authority, which had reported being the victim of a computer intrusion on the night of Wednesday, November 9, has just discovered that the hackers behind the attack have leaked numerous documents on their site.

290 gigabytes of stolen data

As noted by security researcher Clément Domingo, the attackers, Play Ransomware, published a first batch of data last Monday, including for example copies of “identity cards, passports, bordereaux and vehicle registration certificates”, he told the regional daily Nice Matin. That is 13 gigabytes of files, downloadable via a Mega link, which are only an appetizer. The malicious hackers, who also targeted digital services company ITS Group, claim to have stolen a total of 290 gigabytes of data, files they promise to release within five days, by Friday, if their victim does not react.

The local authority had initially praised “the rapid reaction of the agents”, which had “made it possible to limit the scope of the attack, both in terms of server contamination and data breaches”. “The very content of this data as well as its precise scope are still being assessed”, added the department, which had lodged a complaint and reported the incident to the CNIL.

Similarities with Hive

The third departmental authority affected by a computer attack this fall, along with Seine-Maritime and Seine-et-Marne, Alpes-Maritimes is for the moment the only one to report a data leak. A region, Guadeloupe, was also the victim of a computer intrusion.

The arrival of Play Ransomware on the criminal ransomware market was spotted last July by researchers at Trend Micro. A month earlier, the first victims had appeared. For the specialists of the computer security company, there are notable similarities between this new gang and the Hive franchise, which already has more than 1,300 victims to its credit, for an estimated haul of 100 million dollars. Play Ransomware is also related to Nokoyawa ransomware, and a connection may also exist with Quantum ransomware, an offshoot of the infamous Conti gang, which broke apart after dissension over the Russian invasion of Ukraine.





