The municipal computers were suddenly paralyzed on Wednesday evening: “a general crash”, in the words of the PS mayor of Alfortville (Val-de-Marne), Luc Carvounas. The town hall was the target of a ransomware cyberattack, that is to say the hackers managed to enter the computer system and to exfiltrate, before encrypting them, all the files they found along the way.
City departments then received a ransom demand, payable in Bitcoin, in exchange for a decryption key that restores access to the files that have become unreadable.
The Town Planning and Population Assistance services are the most affected, and the e-mail boxes no longer work. Windows PCs were infected, but Macs running macOS were not. The hacker group Ranzy Locker claimed responsibility for the attack on the dark web and created a file on its Ranzy Leak site, which is dedicated to extortion and hosted on the parallel Tor network.
Ranzy Locker acts like a dozen other cybercriminal groups active in the ransomware “market”. After the group has infiltrated a computer system with malware, another tool encrypts the computers on the infected network. Folders and data then appear with the .Ranzy extension, according to analyses carried out by the specialized site Bleeping Computer.
The hackers then leave a note indicating how to contact them to pay the ransom and receive a decryption key for the files… which they also siphoned off before crippling the system.
Communities, ideal targets
Then comes the second stage of the extortion: they put some of the stolen loot online in order to put pressure on the victim to give in to their blackmail.
Alfortville refuses to pay the ransom and expects to restart its computer system in the middle of next week.
“We are in the process of putting everything right with a specialized company,” Luc Carvounas explained on Friday. “In the meantime, we have all gone back to pen and paper, but we were able to continue some of our activities, such as our crisis unit or meetings via the Zoom or WhatsApp applications.”
Very much in vogue for the past 18 months, this type of cyberattack does not spare businesses and communities in Ile-de-France, such as Mitry-Mory (Seine-et-Marne). “Hackers do not target communities in particular, they send malicious e-mails on a massive scale and hook the first to take the bait,” says Jérôme Soyer, technical director for Europe of Varonis, an American company specializing in the detection of cyberattacks.
“They are, however, prime targets because of somewhat obsolete IT systems, limited internal skills and a general lack of awareness among municipal employees and elected officials,” points out the expert.
Refuse to pay the ransom
Earlier in the week, the neighboring town of Vincennes had acknowledged in a press release that it was affected by a “large-scale cyber attack on the town hall’s computer systems” which paralyzed part of the municipal services. The situation should return to normal at the beginning of next week, according to the town hall.
No claim of responsibility has appeared on the dark web for this malicious operation. But hackers only use this leverage when the victim either did not respond to them or refused to pay the ransom.
Anssi (the National Information Systems Security Agency) has listed 128 ransomware-type attacks since the start of the year. It strongly advises victims, whether communities or businesses, against paying the criminals and fueling a mafia system.