The French Rugby Federation (FFR) is the subject of an extortion attempt following a computer attack. This cyberattack, which took place on the night of Wednesday June 7 to Thursday June 8, “mainly affected the mail servers”, the federation announced in a press release, while specifying that it had since “secured the entire system and restored its operation”.

The FFR was the victim of a ransomware attack, malicious software that infiltrates and paralyzes a computer network before its leaders demand a ransom. A hacker group known as “Play” claimed responsibility for the attack on its website on Wednesday, June 21, and is now threatening to release the information stolen in the attack if a ransom is not paid.

“The FFR has not received a ransom demand to date and will not wish to respond to it if necessary” warned the rugby body in its press release.

This attack and this blackmail fall particularly badly for the FFR, just a few days after Florian Grill, its new president, took office. In addition, the federation is preparing to organize its annual congress and general assembly next week in Lille. The hackers plan to release the documents two days before that deadline. And that’s not counting the Rugby World Cup, which is to be held in France from September and for which the French team, which is to meet from July 2 in Monaco, is one favorites.

An attack of a scale to be determined

Gray areas remain concerning this attack, in particular on the exact nature of the data recovered by the hackers. The messaging having been targeted, it is probably correspondence sent and received by the FFR. The latter specifies that it has worked “to research and analyze the data that could have been exfiltrated as part of this attack, including e-mails, contacts and calendar information”. A task complicated by the fact that “the activity history of part of the mailboxes” attacked could not be recovered. In its press release, the body does not specify the period covered by the possibly stolen data.

A bluff is not to be excluded from the pirates. Some cybercriminal groups do not hesitate to exaggerate the amount of information they have managed to recover in the hope of pushing the victim to the negotiating table.

Ransomware has become the main threat to digital crime in recent years. The groups that implement them rely on a complex criminal ecosystem, where groups responsible for compromising and infiltrating networks resell access to compromised systems to blackmailers, causing waves of victims. It is therefore very likely that the FFR was not specifically targeted and that the concomitance of the attack with the World Cup or the election of the new president of the body was purely fortuitous.

The “Play” group appeared in the plethora of ransomware cybercrime groups a year ago, specializing in attacks on email systems. This gang has notably targeted the Alpes-Maritimes department, the Spanish bank Globalcaja, the software publisher Xplain or the company Rackspace.

The hacking of the FFR has been, as required by law since personal data have been compromised, declared to the National Commission for Computing and Liberties (CNIL), further specifies the federation, which adds to have “entered into contact with the police,” without specifying whether a complaint had been filed.