French skilled basketball crew LDLC ASVEL (ASVEL) has confirmed that information was stolen after the NoEscape ransomware gang claimed to have attacked the membership.
ASVEL is a French skilled basketball crew in Villeurbanne, Lyon, headed by former NBA star Tony Parker. The membership is taken into account essentially the most profitable one within the nation, having received 21 nationwide championships and 10 cups.
ASVEL’s says that they had been alerted to a possible breach on October 12 through the press, following their addition to NoEscape ransomware’s extortion portal on October 9, 2023.
“Alerted on October 12 by the press and having instantly contacted firms specializing within the discipline of cybersecurity, LDLC ASVEL is sadly in the present day in a position to verify that it has certainly been the sufferer of a violation of its laptop system, with information exfiltration,” reads a press assertion from ASVEL.
The menace actors claimed to have stolen 32 GB of knowledge, together with the private information of gamers, passports and ID playing cards, and lots of paperwork referring to finance, taxation, and authorized issues. NDAs, contracts, confidential letters. Contractual agreements with gamers are additionally allegedly included within the stolen information set.
The NoEscape ransomware gang is utilizing this stolen information as leverage, threatening to publish it by October 20, 2023, except ASVEL contacts them to barter a ransom cost.
ASVEL says they retained cybersecurity specialists who, on October 18, 2023, confirmed that the attackers breached the membership’s methods and stole information.
Though the breach didn’t impression the membership’s operations, it’s assessing the hurt to 3rd events with information uncovered on this incident.
One concern is the cost particulars of those that purchased tickets, merchandise, and membership membership playing cards from the official web site. As of in the present day, ASVEL says it has no proof that the attackers have stolen its followers’ cost information or checking account particulars.
The incident has been reported to CNIL (Fee Nationale de l’Informatique et des Libertés), France’s nationwide information safety authority, and a proper grievance is quickly to be submitted to regulation enforcement authorities.
It’s price noting that ASVEL has been faraway from NoEscape’s darknet portal, and the hyperlink to the unique entry now returns a 404 error. Additionally, no information has been leaked.
This might point out that the membership is negotiating with the ransomware gang to stop the leak of knowledge.
NoEscape is a comparatively new ransomware group launched in June 2023, concentrating on non-CIS (ex-Soviet Union) organizations with double-extortion assaults and demanding ransom funds starting from a number of thousand USD to over $10 million.
Believed to be a rebrand of Avaddon, which went defunct in 2021, NoEscape is able to concentrating on Home windows, Linux, and VMware ESXi servers.
