The public body responsible for vocational training for adults has been the victim of a computer hack.
Thousands of documents containing personal information have been stolen by cyber criminals. They now have the personal information of several thousand people at their disposal.
This article will also interest you: Personal data: even more leaks in Canada
According to the agency's information, the attack was large-scale and the aim was surely to steal as much information as possible in order to monetize it later. But the cyber-prisoners behind this act claimed action on the basis of a Ransomware. The purpose of such an attack is simply to be able to take control of the computer system of the targeted structure, in order to encrypt the data and prevent the end user from being able to access it. Once this move is successful, cyber-prisoners demand a ransom payment to free the infected computer system. It is the most common computer hacking system especially in recent times. And the coronavirus pandemic has only increased the chances of success of such an illegal action. In our case, they didn't just encrypt the data, they also stole some important information.
The Agency for Professional Training for Adults (AFPA) confirmed to the French media Le Parisien that it was indeed the victim of a "security incident on the night of March 7-8, which did not disrupt the operation of our services for a long time." That is all the agency wanted to provide as information about the incident. On the Internet of the Dark web Tor, hackers have not failed to expose their success. According to them, they were able to gain access to nearly 65076 terminals, consisting of workstations and servers. It was mentioned that they use the "DoppelPaymer" ransom program. However, the training agency admitted that it had only been hit by the ransomware by 3 workstations and about 100 servers. It was able to avoid data loss through previous backups that allowed for rapid data restoration and a timely start-up of the system. According to a source within the agency: "The program that was used to infect and paralyze the machines would not have worked on the rest of its fleet of 1,500 servers thanks to up-to-date antivirus. ».
So far, hackers have not demanded any ransom. However, they posted examples of the files on the internet to prove that they were able to draw certain personal information. So as to put pressure on the training agency. There is also a classic method for ransomware attacks. When the hostage-taking of computer systems does not go as planned and the victim refuses to pay the ransom demanded for the release of his system, the malicious cybers threaten to disclose the information collected during the computer attack. Information that is often quite sensitive. So it is surely this process that in court. However, according to the director of the agency: "They have only recovered Excel documents whose information is public. There is no sensitive data to monetize and the Afpa has no money anyway." He added that all outward access was quickly cut off as soon as the incident was detected. But this does not seem to correspond with the evidence recently published by hackers which proves that the last access dates back to April 16, that is, a month ago.
In addition, following the consultation of examples of files posted online by cyber-prisoners, important documents were discovered that contained information sensitive enough for private and public structures partners at the training agency. Information that could easily be exploited by fairly well-trained hackers. Among this information, we could consult phone numbers, business emails, invoices, contracts, vacation schedules of employees of certain SME partners, names and surnames and login credentials… information that in the cybercrime sector is all except negligible as the director of the agency is trying to understand.
Now access an unlimited number of passwords: