iQera confirms ransomware attack

Website under maintenance, telephone lines inaccessible: the group, resulting from the merger of MCS Groupe and DSOgroup, can temporarily no longer collect the sums it has to claim.
Valery Marchive
Valéry Marchive, Editor-in-chief
Posted on: May 11, 2021
[Update May 14, 2021 @ 3:30 pm] In a press release, iQera indicates that it “detected” on May 10 “a viral ransomware attack”, without specifying the ransomware family involved. And to ensure to have “immediately reacted and taken the necessary measures to limit the impact of this attack. In particular, as a precautionary measure and in order to protect our customers, our employees and our partners, all information systems (networks and applications) were immediately suspended in order to prevent any propagation of the virus ”.
In its press release, iQera ensures that it has set up a “regular information system” for “customers, partners and competent authorities”. And to add that a “telephone hotline and a dedicated email address have been set up for individuals and professionals whose files we manage in order to reassure them about the alternative solutions that will be deployed to allow them to access the follow-up of their account and the delay of the scheduled dates ”.

But the story appears far from over: “an investigation is still underway, carried out by our internal experts and by independent experts, to establish a diagnosis on the extent and possible consequences of the attack. This diagnosis will make it possible to organize the restoration of our systems and the resumption of our activities in optimal conditions for our customers, our employees and our partners ”.

[Original article] Prosaically, the website of bank debt giant iQera says it is undergoing maintenance. In practice, as some Internet users began to worry about it yesterday, it is impossible for creditors to pay the sums claimed from them by iQera or by its Effico branch. And nothing on the side of official communication: on Twitter, the iQera account simply invites you to chat in private messages.

There is therefore no question, for the time being, of openly informing about what affects the information system of the group resulting from the merger of MCS Groupe and DSOgroup at the end of 2019. On the telephone, the situation is hardly better: At the time of this posting, it seems impossible to reach anyone in the company.

However, internally, the situation is already very clear, according to our sources: iQera is the subject of a cyberattack involving ransomware . We have yet to confirm the ransomware family in question, but the name currently circulating, according to our sources, raises concerns of data theft.

We directly contacted the person in charge of iQera communications who referred us to the group’s external public relations agency, while indicating that “all our teams are doing their best to manage the situation”, but without providing More details.

The external PR agency has taken note of our questions, but has yet to respond to them as of this writing. She did not appear to have been made aware of the situation at the time of our initial contact. We will be sure to update this article with the elements that she will send us.

The unfortunate irony of the situation is that iQera seems to take the security of its information system seriously. According to several corroborating sources, the group has started to deploy a detection and remediation system on hosts ( EDR ), as a demonstrator. But obviously not on the critical systems which would have made it possible to raise the alert before the deployment and detonation of the ransomware .