The Société de transport de l’Outaouais (STO) has finally acknowledged that hackers obtained information belonging to some users.
However, it gave assurances that this was not sensitive information.
Presumably, the criminals were able to obtain clients’ names and addresses and, in some cases, even their date of birth, phone number and email address.
The admission comes three weeks after a serious ransomware-type cyberattack targeting the carrier. The attack took place at midnight on September 4th.
The STO held its first press briefing on Monday afternoon to take stock of the situation. It had not been transparent since the crisis began, and services like Planibus are still frozen by the cyberattack.
“The system suffered encryption [Editor's note: severe attack] and a data wipeout,” admitted Patrick Leclerc, general manager of the STO. “It looks like the attacker locked our systems in order to prevent them from being used. Backup systems were also affected.”
After the STO refused to pay the ransom demanded, the cyber attackers published the exfiltrated files on the underground Internet (“dark web”), Mr. Leclerc added.
The carrier declined to name the criminal group involved, but last week a group called AvosLocker announced the attack on its own site hosted on the “dark web”.
When contacted by email, the AvosLocker group replied that it had 115 GB of data and that it was essentially a “database”. A spokesman for the crime group said most of the data would be “made public” if the STO did not cooperate. Without specifying the nature of the data, he said the affiliate responsible for the attack had “received offers” to purchase a portion of the data.
STO management stated that, with the exception of seven employees, there was no evidence that staff files were compromised. The carrier supported them when identity theft occurred.
Computer security experts from KPMG are working with the STO to assess the risk.
As for the amount of the ransom, the carrier refuses to disclose it.
“The STO selects information without disclosing it to criminals,” STO President Miriam Nade announced.
AvosLocker is a ransomware-as-a-service provider. It works with “affiliates”, who infiltrate networks, execute the malware and make the final decision on the public disclosure of stolen data.
Allan Liska, a cyber threat analyst at Recorded Future, said the group first appeared last June. He said it was looking to recruit hackers, adding that “they have not yet been able to attract a large number of affiliates”.
Their first victim was announced in July. Since then they have posted 22 companies on their site.
The analyst explains that these groups always say they have buyers. “You have to remember that these are bloody lies,” he laughs. Because they are not French-speaking, they are not always aware of the value of the data they have stolen.
Operating underground, AvosLocker keeps its location secret, but there are indications that it is somewhere in Russia or in neighboring countries. For example, on its “dark web” site, it states that it does not target companies in that region.