Ransomware has infiltrated the IT systems of 40 French museums, including the renowned Louvre. The incident, which occurred on the night of August 3-4, 2024, was first detected by the director of information systems at the Grand Palais site.
The director noticed unusual activity in the computer systems and promptly raised the alarm, signaling the onset of a ransomware attack.
Ransomware: A Double-Edged Sword
Ransomware is malicious software that encrypts data, rendering it unreadable and inaccessible.
How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide
The hackers targeted the computer system that centralizes financial data from brands located in these museums. In a classic extortionist move, the attackers demanded a ransom in cryptocurrencies.
They employed a two-pronged strategy: first, they offered to sell the decryption key to the victims, and second, they threatened to publish or sell the siphoned data if the ransom was not paid.
According to the Le Parisien report, the attackers have given the museums 48 hours to contact them, failing which they will release the encrypted data.
This tactic puts immense pressure on the victims to comply, as the threat of data exposure can have severe repercussions.
Investigation and Response
The cybercrime brigade (BL2C) has launched an investigation into the incident, focusing on an “attack on an automated data processing system, organized extortion, and criminal association to commit a crime or offense punishable by five years’ imprisonment.”
The National Cybersecurity Agency of France (ANSSI), which oversees the cybersecurity of the Olympic Games, has been alerted and is providing support.
ANSSI has confirmed that this incident does not impact the information systems involved in running the Olympic and Paralympic Games, ensuring that the games’ operations remain unaffected.
The ransomware attack on these cultural institutions highlights the increasing threat of cybercrime and the need for robust cybersecurity measures to protect critical infrastructure.
In the coming days, we will be closely watching the outcome of the investigation and the museum’s response to the ransom demand.
Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access