“Cyberattack at Collège Montmorency. […] The management must contact us immediately if they want to prevent the full data from being published on our blog, ”writes the group of cyber-criminals AvosLocker, in English, on a page of the underground web.

Although it is not explicit in its threat, this closely watched group by the FBI usually demands a ransom from the organizations it hacks.

On May 19, the Cégep announced that it had been the target of a cyberattack. Police authorities and the Quebec government notified him earlier this week of the sale of data on the web, the establishment explained by email yesterday.

To prove its seriousness, hackers have made available on the dark web a sample of 15 files for free download. It also seems possible to contact the criminals if you want to buy all the data.

The QMI Agency was able to consult the sample data. It includes, among other things, communications between employees, plans and invoices. An employee’s cell phone number, email address and supplier signature are among the accessible elements.

Sensible

It is unclear, however, how sensitive the stolen files, which could be in the tens of thousands by our conservative estimates, are.

Nevertheless, “certain personal information on the College’s computer servers may have been compromised,” confirmed Marilyn Doucet, spokesperson for the educational institution.

A sign that the risk is real, the Cégep has even offered credit file protection to its community.

Ms. Doucet refuses to say whether the College plans to pay a possible ransom.

“This aspect of the file is highly confidential and it constitutes one of the critical elements in the police investigation,” she wrote. A specialized firm hired by the Cégep is however in contact with the criminal group, she confirms.

buy peace

According to computer expert Éric Parent, the college management finds itself faced with a delicate dilemma: should a ransom be paid?

“It always depends on the amount requested. If $25,000 is demanded, I would say pay and buy peace. But it is certain that you have just contributed to the enrichment of criminals. »

In theory, a payment should dissuade hackers from publishing the data, believes the CEO of EVA Technologies.

A graduate of Collège Montmorency, whose school work ended up in the sample of 15 files published by the hackers, fears that his personal information is in the hands of criminals.

“I don’t mind schoolwork, but if we’re talking about personal information, yes, I’m worried […] Do hackers also have my personal file with all my [sensitive] information , like my social insurance number?”, dropped Jean-Michel Lemieux, a graduate in dietetics, in an interview with the QMI Agency.

“I don’t have the answer to that question, and I don’t think I get it either,” he says. I find it a bit confusing.”

If he had received emails from the College advising him of the general situation, it was the QMI Agency that told him that one of his works was among the samples on the dark web.

By email, the establishment ensures that it does everything possible to inform and protect the persons concerned.

“Based on information held by the College, all those who may have been affected have been offered, at the expense of the College, credit file coverage,” said spokesperson Marilyn Doucet.

– With the collaboration of Philippe Langlois