Nearly 40 French museums reportedly affected by ransomware attack

Avatar

Cybercriminals have reportedly attacked the system that centralizes the financial data of around 40 French museums in a ransomware attack over the weekend.

According to the local newspaper Le Parisien, the attack was detected by a security specialist at the Grand Palais museum — which is currently hosting an Olympic competition for fencing and martial arts — over the weekend.

Following the attack, access to Grand Palais servers was reportedly cut off. As a result, the 36 bookstores and boutiques at associated museums, such as the Louvre, the Palace of Versailles, Orsay and the Picasso Museum, were affected. The museums themselves did not have their operations disrupted.

The Louvre chief of staff, Matthias Grolier, wrote on X that contrary to what some media reported, the museum has not been targeted by the ransomware attack. “We remain vigilant. Solidarity with our colleagues who are victims of this attack,” he said.

The unnamed hacker group behind the incident has demanded a ransom in cryptocurrency, threatening to release encrypted data within 48 hours if the ransom was not paid, according to the reports.

It’s not clear if the victims have negotiated with the hackers. There was no public statement regarding the attack, although the French security agency, ANSSI, which oversees the cybersecurity of the Olympic Games, told several local media that it was alerted about the incident and that the system affected by it wasn’t involved in the running of the Games. No data leak has been observed as of Tuesday, ANSSI said. The French police reportedly opened a criminal investigation into the attack.

It’s unclear if the attack is linked to the Olympics. Previously, researchers warned about the increase in cyberattacks from both nation-state hackers and cybercriminals exploiting the Olympic Games for either political or financial gains.

Big sporting events like the Olympics could be “an ideal opportunity for financially motivated cybercriminals to commit ransomware attacks,” said researchers at Recorded Future’s Insikt Group. The Record is an editorially independent unit of Recorded Future.

Companies involved in the event will be under significant pressure to maintain uninterrupted service and less prone to tolerate any downtime of core infrastructure that can disrupt proceedings and damage reputations.

Ransomware actors could use this to their advantage to extort high ransom payments from local businesses, researchers said.

Last week, France’s resigning Prime Minister Gabriel Attal said that the country’s security service thwarted 68 cyberattacks over the first few days of the Olympics, two of which targeted Olympic venues.

According to ANSSI, most of the reported attacks were of low intensity, such as distributed denial-of-service (DDoS) attacks, and no cyber incident affected the opening ceremony or the first events of the competition.

CybercrimeGovernmentNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Hackers remotely wipe 13,000 students’ iPads and Chromebooks after breaching safety software

Next Post

Venezuelan government ratchets up digital repression surrounding tainted election

Related Posts

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. "The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others,"
Avatar
Read More