It is a new type of ransomware that specializes in targets in the healthcare industry. In a post on its dark web site, the Babuk cybercriminal group claimed responsibility for the intrusion and theft of 23 GB of data from YposKesi’s computer system on Friday evening. An outgrowth of the work of the Généthon laboratory, this jewel of pharmaceutical manufacturing is notably at the cutting edge in the production of gene and cell therapies.
The company, based in Corbeil-Essonnes (Essonne) and created in 2016 by AFM-Téléthon and the SPI public fund, refused to confirm the cyberattack. “I am not commenting on this subject,” its CEO Alain Lamproye simply told us over the phone.
Like many cybercriminal gangs, Babuk practices the double extortion technique. After infecting a computer system, hackers trigger malicious software or “ransomware” that will encrypt – make inaccessible – all data hosted on the network. Then, they leave behind a ransom note file.
Threats to leak contracts
Beforehand, the hackers take care to extract the items with the highest market value, which they will sell to the highest bidder or use to demand payment in exchange for their return. If the victim does not comply and has backups, the attackers then threaten to disclose their loot on the Internet.
Babuk released a sample of the siphoned data to increase the pressure on the victim. The documents we were able to review are contracts with pharmaceutical laboratories, confidential agreements between companies and screenshots of stolen files and sub-files.
“They have the same techniques as all the other groups that have been operating ransomware for a year,” analyzes Jérôme Saiz, expert in cyber crisis management at OPFOR Intelligence. “These are piracy Stakhanovists who are carrying out attacks one after the other. They do not look in detail at what they steal but know the profile of their victim well and how much they can demand.” YposKesi, which means promise in ancient Greek, has around 180 employees and achieved a turnover of €12.3 million in 2019.
The rebuilding effort promises to be long: 3 weeks to 1 month to remove the threat and rebuild a healthy computer system. That is so much time lost for advancing medical research.