Cyber Incident Victim: Société coopérative agricole de la région d'Arcis-sur-Aube
Date:
Sep 2023
Location:
France
Summary
The Société coopérative agricole de la région d’Arcis-sur-Aube (Scara) experienced a cyberattack by the international criminal group No Escape, involving data exfiltration of sensitive documents including scanned IDs, contracts, and operational plans. The attackers employed a double extortion strategy, threatening to publish stolen data, launch DDoS attacks against online services, and initiate spam campaigns using exfiltrated email databases unless a ransom was paid. No Escape, motivated primarily by financial gain despite initial references to political targeting, has a history of similar attacks against healthcare and commercial entities across multiple continents. The cooperative filed a formal complaint, prompting an ongoing investigation by specialized national police units, with the organization confirming restoration of normal operations following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 21, 2023, the Société Coopérative Agricole de la Région d’Arcis-sur-Aube (Scara), an agricultural cooperative based in Arcis-sur-Aube, France, experienced a cyberattack by the international hacking group No Escape. The attackers exfiltrated at least a portion of the cooperative’s data, including scanned identity documents, contracts, and architectural plans. No Escape subsequently published some of the stolen data on the dark web and issued a ransom ultimatum to Scara through a posted message. The group threatened to release all remaining data, launch distributed denial-of-service (DDoS) attacks against Scara’s online services, and initiate a spam campaign using stolen email addresses unless the cooperative appointed a negotiator to contact them promptly. Cybersecurity journalist Damien Bancal first reported the incident on his website on October 5, 2023, describing No Escape as a profit-driven group of “very bad guys” active since June 2023 with prior attacks against the Namur Regional Hospital in Belgium and multiple European and American businesses.
Scara President Alain Herbinet confirmed the breach and subsequent operational disruptions, though the cooperative eventually restored normal operations. The attackers employed a double-extortion strategy characteristic of No Escape’s previous operations: data theft coupled with DDoS attacks to pressure victims into paying ransom. Scara filed a formal complaint with French authorities, triggering an ongoing investigation led by specialized national police units based in Marseille. No Escape’s published threat emphasized time sensitivity but did not specify a ransom amount. While Bancal’s initial report referenced possible political targeting, he clarified that financial gain remained the group’s primary objective. The breach exposed sensitive personal and organizational data, creating potential risks for identity theft and operational confidentiality, though no further data releases or disruptive attacks were reported after Scara regained control of its systems.