The French Rugby Federation (FFR) is the subject of an extortion attempt following a computer attack. This cyberattack, which took place on the night of Wednesday June 7 to Thursday June 8, “mainly affected mail servers”, announced the federation in a press release, while specifying that it has since “secured the entire system and restored its operation”.
The FFR was the victim of a ransomware attack, malicious software that infiltrates and paralyzes a computer network before its leaders demand a ransom. A group of hackers, known as “Play”, claimed responsibility for the attack on its website on Wednesday June 21 and is now threatening to publish the information stolen during the attack if a ransom is not paid.
“The FFR has not received a ransom demand to date and will not wish to respond to it if necessary” warned the rugby body in its press release.
This attack and this blackmail fall particularly badly for the FFR, just a few days after Florian Grill, its new president, took office. In addition, the federation is preparing to organize its annual congress and general assembly next week in Lille. The hackers plan to release the documents two days before that deadline. And that’s not counting the Rugby World Cup, which is to be held in France from September and for which the French team, which is to meet from July 2 in Monaco, is one favorites.
An attack of a scale to be determined
Gray areas remain concerning this attack, in particular on the exact nature of the data recovered by the hackers. The messaging having been targeted, it is probably correspondence sent and received by the FFR. The latter specifies that she has tackled “to research and analyze data that may have been exfiltrated as part of this attack, including emails, contacts and calendar information”. A task complicated by the fact that “the activity history of part of the mailboxes” attacked could not be recovered. In its press release, the instance does not specify either the period covered by the possibly stolen data.
A bluff is not to be excluded from the pirates. Some groups of cybercriminals do not hesitate to exaggerate the amount of information they have managed to recover in the hope of pushing the victim to the negotiating table.
Ransomware has become the main threat to digital crime in recent years. The groups that implement them rely on a complex criminal ecosystem, where groups responsible for compromising and infiltrating networks resell access to compromised systems to blackmailers, causing waves of victims. It is therefore very likely that the FFR was not specifically targeted and that the concomitance of the attack with the World Cup or the election of the new president of the body is purely fortuitous.
The “Play” group appeared in the plethora of ransomware cybercriminal groups a year ago, specializing in attacks against messaging systems. This gang has notably targeted the Alpes-Maritimes department, the Spanish bank Globalcaja, the software publisher Xplain or the company Rackspace.
Newsletter
“Paris 2024”
“Le Monde” deciphers the news and the challenges of the 2024 Olympic and Paralympic Games.
Register
The hacking of the FFR was, as required by law since personal data were compromised, declared to the National Commission for Computing and Liberties (CNIL), further specifies the federation, which adds to be “contact with the police”without specifying whether a complaint had been filed.
