Hackers from ransomware gang Lockbit 2.0 claimed to have hacked into the French justice ministry on Thursday (27 January). They said that if the ransom is not paid by 10 February, the stolen data will be published. EURACTIV France reports.
A total of 9,859 files are ready to be disseminated on 10 February, according to the hacker’s blog, which displays a countdown.
The justice ministry told the press that it “immediately organised to carry out the necessary checks in conjunction with the competent services in this area”. However, Acteurs publics journalist Emile Marzolf wrote on Twitter that the cyberattack had been “confirmed to him by a source within the ministry”.
EURACTIV France confirmed that the ministry’s services detected technical traces of an intrusion. Still, the extent of the attack, the nature of the documents stolen, and the ransom amount remain unknown for now.
Lockbit 2.0 also claimed responsibility for a similar attack on the services of Saint-Cloud’s town hall in the outskirts of Paris. French daily Le Parisien reported that the town’s mayor had already announced that he would not pay a ransom.
Contacted by EURACTIV, the French National Agency for Information Systems Security known as ANSSI was not available by the time of publication.
It is still difficult to judge whether this could be a PR stunt carried out by the hackers ahead of the French presidential election or a threat based on genuinely sensitive data.
Lockbit 2.0 hackers have been very active in the past several weeks, however.
On 17 January, the group published nearly 1,320 internal documents after Thales Alenia Space, part of Thales group, did not pay a ransom.
The cyberattack comes a day after the Court of Auditors published a report on the digital transformation of the justice ministry, which points out that “a lot of work remains to be done” when it comes to the security of its information systems.
The hacking is also part of the recent boom in attacks, particularly ransomware. In ransomware attacks, hackers use malware to infiltrate systems and encrypt data. To restore access to the encrypted data, they usually demand exorbitant sums of money.
Compared to 2019, the number of reports linked to this type of cyber threat has increased fourfold, ANSSI wrote in its activity report for 2020. The French authority added that local authorities, hospitals, and industrialists were the primary victims of these attacks.
[Edited by Luca Bertuzzi/ Alice Taylor]