Two weeks after the discovery of malicious software on the servers of Bouygues Construction, the French construction giant still faces significant difficulties in restoring its entire IT infrastructure.
“The teams are working on restarting; it’s progressive, and we’re focusing on that and business continuity,” the company's headquarters said. The complete restoration will take time: internal sources explain that the priority remains the group's messaging system, which has been down since January 30 and was still unusable in the middle of the week, forcing employees to rely on phones alone.
Ransomware is malware that is used to extort money from individuals or businesses who are victims of it.
The one that hit Bouygues, “Maze” (“labyrinth”), belongs to the family of “cryptolockers”: this software encrypts all the documents present on the machine and demands the payment of a ransom to decrypt them. Work on the group's construction sites is continuing, but the ransomware has significantly slowed down activity at the company's headquarters, where, as required by standard procedure in the event of infection, the network had to be partitioned to “clean up” the affected machines while avoiding the risk of contagion.
Blackmail through the threat of publishing documents
The group of hackers that attacked Bouygues Construction, which calls itself the “Maze Team”, did not just make documents inaccessible. It claims to have also copied large amounts of data from the company's servers, and threatens to make it public if the ransom is not paid. The hackers say they demanded $10 million (9.2 million euros) from the construction giant.
This blackmail through the threat of publishing documents is a relatively new practice. Previous large waves of ransomware that affected France, such as NotPetya or WannaCry, were “content” to block the affected machines. The theft of documents poses a much heavier threat to companies: even if they manage to restore their computer network and have backup copies, the blackmail remains.
“We had taken precautions, and were able to reassemble the machines fairly quickly without losing data,” said the CEO of an SME that was also blackmailed by Maze Team. The company chose, as recommended by experts and the police, not to pay the ransom demanded, which was much lower than that demanded from Bouygues, and it filed a complaint. Administrative documents belonging to this company were indeed put online shortly after the refusal to pay.