Ransomware Attack on French SME Legilo by APT73
Ransomware Attack on Legilo: APT73 Strikes a French SME
Legilo, a French company operating under the domain legilog.fr, recently became the victim of a ransomware attack orchestrated by the emerging group APT73. This incident underscores the vulnerabilities faced by small to medium-sized enterprises (SMEs) in the digital age, particularly those in the construction and manufacturing sectors.
About Legilo
Legilo is a company that specializes in providing innovative solutions for the construction and manufacturing industry. As an SME, it has between 50 and 250 employees, a typical size for companies in this sector. Legilo distinguishes itself through its focus on integrating traditional construction practices with modern technology, enhancing efficiency in project management and execution. This approach allows it to cater to a diverse clientele, including both public and private sector projects. However, its reliance on digital solutions also makes it a target for cyber threats.
Attack Overview
The ransomware attack on Legilo targeted the company's management software, which is utilized across various sectors, including culture, businesses, religion, and bishoprics. Approximately 10 GB of data was compromised, including critical components such as CRM systems, export files, backups, and personal information. This breach highlights the vulnerabilities in data management systems and the importance of effective cybersecurity measures to protect sensitive information.
APT73: A New Threat
APT73 is a newly emerged ransomware group that surfaced in late April. The group distinguishes itself by adopting the "APT" (Advanced Persistent Threat) designation, which is unusual for ransomware entities. Its operational model closely resembles that of the notorious LockBit group, employing sophisticated encryption methods and double-extortion strategies. Despite signs of amateurism, such as the lack of active mirrors on its data leak site, APT73 has quickly targeted multiple victims across various sectors, indicating an aggressive operational approach.
Potential Vulnerabilities
Legilo's integration of modern technology in its operations, while innovative, may have exposed vulnerabilities that APT73 exploited. The attack on their management software suggests potential weaknesses in their cybersecurity infrastructure, which could have been leveraged by the ransomware group to penetrate their systems. This incident serves as a reminder of the critical need for SMEs to invest in comprehensive cybersecurity strategies to safeguard their digital assets.