Hackers attack Telethon: biotech YposKesi targeted with ransomware
Babuk ransomware cybercriminals published part of the files they say they stole from the innovative company that produces gene therapy treatments. They demand a ransom for not publishing the rest of the data.
Archives. The hackers targeted the YposKesi industrial platform of the Généthon laboratories in Évry. LP / Florian Garcia
By Damien Licata Caruso and Nolwenn Cosson
On March 27, 2021 at 19:40, as amended on March 27, 2021 at 19:56
It is a new type of ransomware that has specialized in targets in the healthcare industry. In a publication on their dark web site, the cybercriminal group Babuk claimed responsibility for the intrusion and theft of 23 GB of data from YposKesi's computer system on Friday evening. A product of the work of the Généthon laboratory, this gem of the pharmaceutical industry is notably at the cutting edge in the production of gene and cell therapies.
The company, based in Corbeil-Essonnes (Essonne) and created in 2016 by AFM-Telethon and the SPI public fund, refused to confirm the cyberattack. "I am not commenting on this subject," its CEO Alain Lamproye simply told us over the phone.
Like many cybercriminal gangs, Babuk practices the double extortion technique. After infecting a computer system, the hackers trigger malicious software, or "ransomware", that will encrypt (make inaccessible) all data hosted on the network. Then they leave behind a ransom note file.
Threats of dissemination of contracts
Beforehand, the hackers take care to extract the items with the most market value, which they will sell to the highest bidder or use to demand payment in exchange for their return. If the victim does not comply and has backups, the attackers then threaten to disclose their loot on the Internet.
Babuk released a sample of the siphoned data in order to increase the pressure on the victim. The documents we have been able to consult are contracts with pharmaceutical laboratories, confidential agreements between companies and screenshots of stolen files and sub-files.
"They have the same techniques as all the other groups that have been operating ransomware for a year," analyzes Jérôme Saiz, expert in cyber crisis management at OPFOR Intelligence. "These are piracy Stakhanovists who are carrying out attacks one after the other. They do not look in detail at what they steal but know the profile of their victim well and how much they can demand." YposKesi, which means "promise" in ancient Greek, has around 180 employees and achieved a turnover of €12.3 million in 2019.