ASVEL Basketball Team Succumbs to Ransomware Attack, Unveils Disturbing Data Breach

ASVEL Confirms Data Breach After NoEscape Ransomware Attack

LDLC ASVEL, a prominent French professional basketball team based in Villeurbanne, Lyon, has recently acknowledged a data breach following an attack by the NoEscape ransomware gang. Former NBA star Tony Parker heads the successful club, which has won an impressive 21 national championships and 10 cups, making it the most accomplished team in France.

On October 9, 2023, ASVEL discovered their addition to the NoEscape ransomware’s extortion portal, leading to their awareness of a potential breach on October 12. The press initially alerted the club about the situation. Consequently, ASVEL promptly reached out to cybersecurity companies for assistance in investigating the incident.

A press statement from ASVEL states, “Alerted on October 12 through the press and having immediately contacted companies specializing in the field of cybersecurity, LDLC ASVEL is unfortunately today able to confirm that it has indeed been the victim of a violation of its computer system, with data exfiltration.” [source]

The threat actors behind the attack claim to have obtained 32 GB of data, including players’ personal information, passports, ID cards, financial documents, tax records, legal papers, NDAs, contracts, and confidential letters. Notably, the stolen data set also allegedly contains contractual agreements with players.

In an attempt to extort ASVEL, the NoEscape ransomware gang is using the stolen data as leverage. They have threatened to publish it by October 20, 2023, unless the club engages in ransom negotiations with them.

ASVEL promptly engaged cybersecurity experts, who confirmed on October 18, 2023, that the attackers had indeed breached the club’s systems and stolen data. Fortunately, the breach did not impact the club’s operations. However, ASVEL is currently assessing the potential harm caused to third parties whose data was exposed in this incident.

One area of concern revolves around the payment details of individuals who purchased tickets, merchandise, and club membership cards from ASVEL’s official website. At present, there is no evidence suggesting that the attackers have compromised the payment data or bank account information of ASVEL’s fans.

The club has promptly reported the incident to CNIL (Commission Nationale de l’Informatique et des Libertés), France’s national data protection authority. Furthermore, ASVEL plans to file a formal complaint with law enforcement authorities to address the breach.

It is worth mentioning that ASVEL has been successfully removed from NoEscape’s darknet portal, and the link to the original entry now leads to a 404 error page. Thus far, no data from the club has been leaked, indicating a potential negotiation between ASVEL and the ransomware gang to prevent the release of the stolen information.

NoEscape, a relatively new ransomware group that emerged in June 2023, focuses on targeting organizations outside the CIS region (ex-Soviet Union) through double-extortion attacks. They demand ransoms ranging from a few thousand USD to over $10 million. It is believed that NoEscape is a rebrand of Avaddon, a ransomware group that became inactive in 2021. NoEscape possesses the capability to target Windows, Linux, and VMware ESXi servers.