There is little in the world of cybercrime that truly surprises me these days, and even less when it comes to ransomware. Yet I admit to being caught a wee bit off guard when a new ransomware player opted to ask a victim for payment in French bread. But don’t be fooled by the apparent humor: the Hellcat crime group is deadly serious and wants $125,000 in the cryptocurrency Monero as well. There’s not much to laugh at in this story, when it comes down to it.
Here’s what is known so far.
The Hellcat Ransomware Crime Group
Little is known about the new ransomware crime group calling itself Hellcat, other than it has a spokesperson called Grep. It was this spokesperson who first claimed that the French multinational, Schneider Electric, had been compromised by the group and demanded the ridiculous baguette ransom payment. The breach appears to have been of one of the Schneider Electric developer servers, with as much as 40GB of archived data exfiltrated by the attackers.
A posting to the Hellcat leak site made the bizarre extortion claim for payment in French bread. Almost every ransomware group uses such a leak site to threaten victims and leverage payment before a set date when the stolen data will be sold or published.
According to Cyberscoop reporters, however, the joke statement about baguettes was just that, a joke. “In reality, the attackers are looking for payment in Monero, a privacy-focused cryptocurrency,” the publication said.
Schneider Electric Issue Statement Regarding The Ransomware Incident
A Schneider Electric spokesperson issued the following statement: “Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.”
“Ransomware is a business model, and we can think of this bizarre baguette demand as a marketing stunt,” Hüseyin Can Yuceel, a security researcher at Picus Security, said, adding that the group had demanded the ransom payment in Monero cryptocurrency.
Hüseyin Can Yuceel went on to say that it’s likely Hellcat, being a new player to the ransomware crime sector, is “trying to get attention and establish trust for future victims and associates for a possible Ransomware-as-a-Service operation.” Leaking the stolen data proves their capability, Can Yuceel said, and if Schneider pays up “it would prove their capabilities and trustworthiness to others.”