2020-04-20

No truce for hackers on the cyberattack front. A group of hackers has been claiming for 48 hours to have carried out a “ransomware” attack against the entire computer system of the National Agency for Professional Training of Adults (Afpa).

Very popular since the start of the year, a ransomware attack involves first penetrating the heart of a computer system to steal everything stored on the servers and computers of the network. The next step is to remotely launch a malicious program that blocks access to these files by encrypting them with a key known only to the attacker.

Encrypted servers, stolen data

Contacted, Afpa confirmed “a security incident on the night of March 7 to 8, which did not disrupt the operation of our services for a long time”. The public body claims to have regained control of the system at the end of the weekend.

In a post on the Tor dark web, the cybercriminals, who operate the DoppelPaymer ransomware, have boasted in recent days of their “hunting trophies”: the detailed list of the 65,076 machines (servers and workstations) to which they claim to have had access.

The Afpa acknowledges, for its part, that three workstations and about a hundred servers were indeed encrypted by the malware, but says that restoring an earlier backup made it possible to avoid any loss of data. Also according to the Afpa technical teams, the program that paralyzes infected machines did not run on the rest of its fleet of 1,500 servers thanks to up-to-date antivirus.

No ransom note sent

The hackers have nonetheless made their mark: they posted, on a site that serves as their showcase, samples of the stolen files. These are internal technical documentation and summaries of ongoing projects. A usual means of pressure on the victim.

Objective: to prepare a ransom demand in bitcoin to release this content, or rather not to distribute it.

Many companies such as the construction giant Bouygues or Vissor, an American supplier of Boeing and Tesla, were recently victims of such an extortion operation.

The cybercriminals have not yet demanded a ransom from the public establishment, according to our information. “They only recovered Excel documents of which all the information is public. There is no sensitive data to cash and Afpa has no money anyway,” said an internal source.

As required by law, the Cnil was notified of this intrusion and the data leak, as were Anssi and the Ministry of Labor, on which the Afpa depends.