Inetum Group, a French IT services provider, became the victim of a ransomware attack less than a week before Christmas, with only minor consequences for the company and its clients. Inetum operates in over 26 countries, offering digital services to businesses in different sectors, including aerospace and defense, automotive, public sector, banking, healthcare, insurance, retail, transportation, energy and utilities, telecommunications, and media.
The group is an ideal target for ransomware gangs since it provides services to many businesses and has a revenue of around $2 billion. Inetum was the subject of a ransomware attack on Sunday, December 19, that disrupted parts of its operations in France but did not expand to bigger infrastructures employed by customers.
“None of the main infrastructures, communication, collaboration tools or delivery operations for Inetum clients has been affected,” the company said in a press release.
The Group’s crisis management team worked immediately to secure key connections that, if breached, may put clients at risk. The operational teams did this by isolating all servers on the compromised network and terminating client VPN connections. According to an early investigation, the ransomware strain used during the incident was identified, and the recent severe Log4j vulnerability was not abused during the event.
The malware used was not named by Inetum Group. However, Valéry Marchive, editor-in-chief at French publication LeMagIt, said that it was BlackCat ransomware (aka ALPHV and Noberus).
According to researchers at Symantec, the file-encrypting malware is written in Rust (which is unusual for ransomware attacks) and has been employed in cyberattacks since at least November 18. BlackCat comes with a configurable setup that enables it to spread to other pcs, terminate virtual machines and ESXi hypervisors, and erase them.
The incident has been reported to authorities, and Inetum Group is working with specialized cybercrime teams to investigate. A third party has also been enlisted to assist with incident response. According to the company, customers’ deliveries are secure for the time being, and communications and collaboration platforms are unaffected.
