The worrying extent of damage caused by a cyberattack on the Départment des Alpes-Maritimes in early November has been revealed by a ransomware group on the dark web.  

Back on Thursday 10th November, when the cyberattack took place, the Département des Alpes-Maritimes cut all its IT networks in an attempt to “protect sensitive data”. Despite hopeful statements made at the time by the local authorities – namely that the “responsiveness of the action taken could well have assured no pirating of community data” – it now seems certain that vast quantities of public information was stolen.  

Over last weekend, reports began to surface that a ransomware group called Play was planning on going public with the data it had taken. On the morning of Tuesday 29th November, 13GB of pirated data out an alleged 290GB that the hackers have in their control was published on the dark web.  

Screenshots shared by the Journal du Net (JDN) suggest that Play has gained access to a wide range of sensitive data, from PAIE and URSSAF files to work-from-home and Covid-related information. Even files on the Christmas voucher scheme for children in the Alpes-Maritimes appear to have been compromised.  

Play is a relatively new player in the murky world of ransomware and hacking, although experts say it leaves behind signatures similar to better-known groups like Hive and Nokayawa. Its goal for the attack on the Alpes-Maritimes is not yet clear, but this recent assault on a French local authority is somewhat unusual for Play, who typically targets South America, according to the JDN. The media outlet reported that Play’s latest major “hit” was on a courthouse in Cordoba, Argentina, earlier this year.  

Photo source: Markus Spiske for Unsplash