A cyber attack forces La Poste Mobile to shut down its site

Operator La Poste Mobile was forced to shut down its website due to a ransomware cyber attack. The LockBit hacker gang, said to be linked to Russian cybercrime, is highlighted.

The year 2022 is certainly not easy for La Poste. The company, which suffered setbacks in the spring with its messaging service (it has since returned to operation), now faces a new problem: a computer attack forced it to shut down access to the website of its telecommunications subsidiary, La Poste Mobile.

The attack has now been going on for a week. It was on July 4 that mobile virtual network operator (MVNO) online services were affected and these have not yet been restored. A maintenance notice can be found on the La Poste Mobile website. This indicates that it is malicious software – ransomware – involved.

The message from La Poste Mobile. // Source: Screenshot

The LockBit 3.0 ransomware in question

A ransomware, or ransomware in English, is a computer program that infiltrates a computer and captures the files and folders on it, making them inaccessible. The ransomware then displays a threat on the victim’s screen to force them to pay a ransom – usually in a cryptocurrency – if they want to restore the contents of their computer.

In theory, the paying victim is supposed to get a tool from the ransomware author that will unfreeze their PC and get it back to normal. Otherwise, if the victim refuses to give in to this blackmail, the malicious software can delete everything at the end of a count (to put pressure on him and pay quickly) or even publish everything on the Internet.

The rule against ransomware is that you don’t have to pay. This shows that the victim is willing to give in (and therefore encourage a restart attack against them, on occasion). This validates how this extortion method works (since people pay). And furthermore, there is nothing to say that the collected data will be released or that the amount demanded will be the one to be paid.


No hacker, it is the user himself who installs the malware.  // Source: Louise Audry for Numerama

It is obvious gang LockBit 3.0 who is behind the hacking of La Poste Mobile, which has around 2 million customers. This gang, which operates close to the Russian world, is linked to the attacks against Accenture and the Department of Justice. LockBit is seen as a leader in cyber ransomware attacks, thanks in part to its longevity.

Cryptolocker ransomware
What ransomware looks like: An anxiety-inducing message and instructions to pay quickly if the victim wants their data back. Otherwise, they will be destroyed or spread online. // Source: Screenshot

Personal data from La Poste Mobile exposed

We do not know today the exact extent of the damage that this virus has caused to La Poste Mobile. For a company, the damage can be significant if the ransomware spreads throughout the internal network. Connected machines, such as printers, can be crippled, as can phone lines and email access.

La Poste’s information release indicates that an initial tally shows ” that the servers essential to the operation of your mobile line have been protected “. But other posts could not resist. Also, ” it is possible that files on La Poste Mobile employees’ computers have been affected », warns the MVNO.

These files ” may contain personal data “, we read in the announcement from La Poste Mobile. And according to an analysis by Le Parisien, this is the case: Surnames, first names, e-mails, telephone numbers are found in files that partially circulate on the network, to prove the reality of piracy and that it is not about showing off.

These elements are likely to be used for phishing campaigns. La Poste Mobile therefore encourages its customers to be extremely vigilant about contact attempts, especially if the messages suggest a payment event, a problem with your account information or password. Committing to provide sensitive elements could be a trap.


Hacker // Source: Louise Audry for Numerama

Leave a Comment