The Snatch ransomware group has claimed it has breached the systems of Hemeria Group, a partner of defense and space systems maker of the French Space Agency CNES.
According to the leak site post, the operators of Snatch started negotiating on April 18, 2022, over the Hemeria Group data breach.
Negotiations around the Hemeria Group data breach
Cybersecurity researchers have posted about the Hemeria Group data breach with screenshots from the ransomware group’s post.
The operators mentioned on their leak site about the Hemeria Group data breach and that they initiated talks with the Palace of Versailles to maintain caution because the company data is considered a state secret.
The National Centre for Space Studies (CNES) is headquartered in central Paris and is supervised by the French Ministries of Defence and Research.
The post read that the group was asked to wait for a week by the Palace of Versailles officials, until the second round of the French presidential elections.
After the elections, the Palace of Versailles officials stopped replying to the ransomware gang about the Hemeria Group data breach.
Moreover, Hemeria management also replied by denying having anything to do with the data that Snatch had. The firm also did not seem to be affected by the data breach news.
The time gap between the Hemeria Group data breach and the leak site post
The post was created on February 17, 2023, indicating that the Snatch ransomware group either waited after the alleged Hemeria Group data breach or sold or leaked the information via other channels. The data breach post was updated on February 24.
Not much has been found about the data size and affected users. The Cyber Express contacted the Hemeria Group via the website feedback page. We are still waiting to receive a confirmation from them.
Snatch ransomware group
The Snatch ransomware group was discovered in December 2018 and is associated with Russia. The extortion group uses phishing valid accounts to gain access to the targeted systems following which it encrypts and exfiltrates system data.
The Snatch ransomware maintains persistence by employing Reg.exe and evades detection.
Stay updated with ransomware news and watch this space.
