French telecoms company suffers cyberattack, website still offline

French telecoms operator La Poste Mobile has alerted customers that their information compromised in a major ransomware attack that targeted the firm’s administrative and management networks on July 4.

The cyberattack, believed to have been carried out by the LockBit ransomware group, took the firm’s networks offline as it attempted to minimize damage.

The LockBit ransomware group was first identified in 2019 and has become one of the most prolific groups to offer ransomware-as-a-service. It sells its software to third-party criminals who deploy it in return for a share of the profits.

Several days later, its site is still offline and visitors are greeted by a statement in French telling customers to be wary of targeted cyber-attacks:

Our initial analysis shows that our servers, which are essential to the operation of your mobile line, have been well protected. However, it is possible that files on the computers of La Poste Mobile employees have been affected. Some of these files may contain personal data.

While La Poste Mobile’s mobile services continue to operate, it has asked customers to be on the lookout for phishing attempts or suspicious activity related to personal information the attackers may have accessed.

La Poste Mobile invites its customers to be vigilant, in particular by monitoring any attempt at phishing and/or identity theft, and will of course keep them informed of the lessons learned from the ongoing investigations. Our teams are fully committed to resolving this situation as quickly as possible.

This summer, a ransomware operation that uses the LockBit 2.0 ransomware targeted Foxconn Baja California and claimed to release stolen information, unless the victim pays up.