French IT services provider Inetum hit by BlackCat ransomware attack

The IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday.

French IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday, but according to the company the security breach had a limited impact on its operations.

Inetum is an agile IT services company that provides digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

The company operates in more than 26 countries, the Group has nearly 27,000 employees and in 2020 generated revenues of €1.966 billion.

The ransomware attack took place on December 19, the intrusion impacted some of its operations in France but according to the company it did not affect the overall infrastructures used by the customers.

“As announced on Monday, 20 December 2021, the Inetum Group was the target of a ransomware cyberattack on Sunday, 19 December 2021, which impacted certain operations in France, but not in any of the other countries where the Group operates.” reads the press release published by the company.

“None of the main infrastructures, communication, collaboration tools or delivery operations for Inetum clients has been affected.”

In response to the incident, all servers in the affected perimeter have been isolated and client VPNs have been disabled.

The company was able to identify the ransomware family that hit its infrastructure, but did not disclose it and shared its findings with the competent authorities at ANSSI (French Network and Information Security Agency). The investigation also allowed the company to determine that there is no link to the Log4j vulnerability.

According to LeMagIt, the company was hit by the BlackCat ransomware.

“According to converging sources, the ransomware involved in the attack is BlackCat , a service-mode ransomware (RaaS) discovered in early December.” states a post published by LeMagIt.

BlackCat ransomware (aka ALPHV) was first spotted in December by researchers from Recorded Future and MalwareHunterTeam, it is the first professional ransomware strain that was written in the Rust programming language.

BlackCat can target Windows, Linux, and VMWare ESXi systems, but at this time the number of victims is limited.

The popular malware researcher Michael Gillespie said that the BlackCat ransomware is “very sophisticated.”

Recorded Future experts speculate that the author of the BlackCat ransomware, known as ALPHV, was previously involved with the REvil ransomware operations.

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Like other ransomware groups, the gang also implements a double-extortion model, threatening to leak the stolen data if the victims don’t pay.

ALPHV is attempting to recruit affiliates for its operations, offering them between 80% and 90% of the final ransom, depending on its value. The BlackCat operations only hit a small number of victims at this time in the USA, Australia, and India.

Ransom demands range from a few hundreds of thousands up to $3 worth of Bitcoin or Monero.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Inetum)

[adrotate banner=”5″]

[adrotate banner=”13″]