The police have only one nickname: Lacoste, like the crocodile brand. According to an investigation by the French authorities, behind this pseudonym is a Spanish hacker who, from his central apartment worth 7,000 euros per month in Madrid, blackmails and demands ransoms from company in his country in exchange for giving them back access to their databases. , which he had previously sabotaged. This is the version of the French police, who accused him of causing damage to 26 companies in neighboring countries worth more than two million euros, when the losses were due to lack of activity, the purchase of programs of computer and the payment will be added. the rescue. The defense maintains that the results of the cyber attacks were much lower than the agents claimed and that Spanish participation in the extortion scheme has not even been proven. A French judge, for now, released him temporarily pending the completion of the investigation.
It all started in July 2021, with a complaint from a boiler sales and installation company. The company, based a few kilometers from Bordeaux, claimed that someone had encrypted its databases and left a cyber message demanding the payment of a ransom. In real life, this means that they kidnap the raw materials that the company uses every day and leave a letter in which they demand money in exchange for its return. From that date to February 2022, French authorities have identified 25 other attacks of this kind that came from the same source. At least two of the companies paid ransoms, one for boilers and one dedicated to the installation of heating and ventilation systems, but this transaction did not help them recover their data.
How he acted
The method used by this extortion network to protect victims’ data is Babuk ransomware, a virus introduced into systems through phishing emails (which impersonate a real page and lead to a counterfeiting) or looking for vulnerabilities in outdated computer hardware. Once executed on the victim’s system, Babuk searches for and encrypts important files using cryptographic algorithms. The preferred victims of cybercriminals who use this method are medium-sized companies, which have a considerable amount of computerized data, but have protection systems that are not as sophisticated as large companies.
The authorities’ investigation led to Lacoste, a 29-year-old man located in Spain. French investigators discovered that the ransom was paid in bitcoin (virtual currency) and also found transactions between extortion companies and a virtual wallet in the name of the accused, but they could only verify the payment which is 600 euros. The agents also included as evidence several photos of the hacker with lots of money, luxury cars and lease contracts for luxury apartments in Madrid. The alleged hacker faces charges of criminal organization, money laundering, fraud and extortion.
The French prosecutor’s office ordered the arrest of the Spaniard in July and, in August, the National Court accepted his surrender to the French justice system, a procedure that was stopped pending a decision on an appeal by his defense, done by lawyer Juango Ospina. Finally, the lawyer negotiated a voluntary declaration, instead of the forced surrender, which happened last week. After five hours of testimony, the prosecution asked for his imprisonment and the judge granted it.
However, a tool of French justice allows that decision to be appealed at that time before a judge of guarantees, a magistrate not involved in the case who listens to the accusation and defense from the left. The Spanish lawyer maintained that the police investigation was based on “assumptions” and that the amount defrauded was far from two million euros. This new judge decided to release the Spaniard after finding no reason for the flight risk and appreciated that there has been no new criminal activity in recent months.