Ransomware: Ragnar Locker claims cyberattack against Dassault Falcon Jet Corp.

The operators of this ransomware have just called the aircraft manufacturer to the negotiating table. For the time being, it is content to mention "technical problems with its e-mail and its websites".

by Valéry Marchive, Editor-in-chief
Posted on: Dec 10, 2020

[Update December 11, 2020 @ 3:15 pm] In a private exchange, the operators of Ragnar Locker told us they had remained hidden in the Dassault Falcon Jet information system for more than six months. Using the specialist Onyphe search engine, we identified a system that was affected by the Shitrix vulnerability at the end of March. The attackers confirmed to us that they had exploited it. But the security controls in place seem to have made things much more difficult for them: "To be honest, let's say they have a very robust security perimeter. Not enough, however."

Not without a certain pride in their "research work", the operators of Ragnar Locker assured us that if Dassault Falcon Jet "continues to remain silent, they will be very surprised at the amount of data we have collected". They specify that they triggered the encryption on the morning of December 7 and thus affected "all critical servers and file shares". They add that they are ready to share more details on this cyberattack in the event that Dassault Falcon Jet continues to ignore them.

[Update December 10, 2020 @ 8:55 pm] Our initial article referred to Dassault Aviation. Its communications director told us that the attack actually concerns Dassault Falcon Jet Corp. and that "it is therefore not up to Dassault Aviation to comment on this subject". We have changed the title of our article accordingly.

[Original article]

The cybercriminals behind the Ragnar Locker ransomware have just published, on their website, a call to Dassault: "we would like to discuss your case personally in our Live Chat, which is safe for both sides. You should know that we have spent a lot of time and done a very good research in your sensitive data, which we will publish on this site".

In this message, the attackers threaten to put up for sale, at auction, the "development documentation for the new Falcon jets […] we will discuss this separately". They refer in particular to the Falcon 6x, just unveiled by the aircraft manufacturer. In short: "we are waiting for you in our Live Chat, otherwise we will initiate the publication process and all your data will go on the Internet or will be sold to third parties".

According to a screenshot from the Ragnar Locker operators, Dassault Falcon Jet is telling its customers that it is "encountering technical problems with its email and websites."


Screenshot of the ransom call.

A spokesperson for the aircraft manufacturer, reached by telephone, told us she was "not aware" of the incident, and assured us that, on her side, e-mail and the website were functioning normally. But she invited us to contact the communications department, which had not answered our call or the message left on its answering machine when these lines were published. We will be sure to update this article when responses are received.


The group of cybercriminals behind the Ragnar Locker ransomware is among those who practice double extortion: before encrypting the systems of their victims, they start by stealing data, which they then threaten to disclose in order to improve their chances of obtaining payment of the requested ransom.

Among their recent victims is Carlson Wagonlit Travel, which gave in to blackmail and paid $4.5 million over the summer. More recently, in France, the carrier CMA-CGM was hit by Ragnar Locker at the end of September. But to date, the operators of this ransomware have neither published nor threatened to publish any data belonging to the group.