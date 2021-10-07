The sinister countdown was triggered on Wednesday evening. On their Darknet claims blog, the Lockbit 2.0 ransomware operators put pressure on the French group Transdev and threaten to publish 200 GB of internal data if their cryptocurrency ransom demand is not accepted within 72 hours. This unfortunately already well-known extortion technique consists in publicly displaying the profile of a company reluctant to pay in exchange for a return of its files.

A ransomware or “ransomware” in English corresponds to a malicious software which encrypts, to make completely unreadable, the data of a computer, a server or a network of a company. Cybercriminals have previously infiltrated the computer system and extracted the most valuable files they intend to cash.

Contacted by the Parisian-Today-in-France, Transdev does not deny or confirm the initial cyberattack and “does not currently wish to make an official comment on this subject”.

But a spokesperson for the American subsidiary of the group reacted to the American site ZDNet. “We are aware that a cybercriminal group threatens to publish data that would belong to Transdev. However, we believe that they rather belong to one of our customers affected by a cybersecurity incident in mid-September, ”says the representative of the company. “There is currently no indication that internal data or other customer data has been accessed or retrieved,” he says.



In the meantime, time is running out on the Darknet site and to prove their seriousness, the hackers have already put a compressed file of 26.18 MB to download freely.

Hosted on the Tor network, the data disclosure site features a countdown to October 10.

Lockbit 2.0 operates as “ransomware-as-a-service (RaaS)”, meaning that its executives rent out the complete kit by subscription to attack a business. Its affiliates had already attacked the consulting giant Accenture last summer.

“They are particularly active at the moment because they make accessible to amateurs of big attacks against large companies”, explains Adrien Merveille, cybersecurity expert at Check Point. “Their attacks are automated once they enter the system and the malware spreads and disables security solutions before initiating encryption,” he explains.