Ransomware infection hits French cultural institution hosting Olympic events
The Grand Palais Réunion des musées nationaux (Rmn) in France disclosed that it suffered a ransomware attack on August 3rd, 2024. Grand Palais Rmn is a critical institution responsible for managing several major museums and cultural sites in France, including hosting key events for the 2024 Paris Summer Olympics.
According to reports from Le Parisien, the cyberattack caused operational disruptions at Grand Palais Rmn. Internal sources tell the media outlet that the incident was specifically a ransomware infection. However, claims that other prestigious museums under Rmn’s management were also impacted, such as the Louvre museum, were disputed by Louvre director Matthias Grolier to other news outlets.
Systems shut down to contain ransomware spread
As a result of the ransomware attack, Grand Palais Rmn was forced to shut down internal systems to prevent further propagation of the malicious files across their networks. This led to disruptions in the bookstores and boutiques operating at various museums under Rmn’s oversight. However, Rmn was thankfully able to devise alternate solutions allowing these front-facing services to function autonomously while remediation efforts took place.
No data theft, Olympic events unaffected
In an official statement, Grand Palais Rmn claimed the ransomware infection had no other impact on the normal functions of museums they manage. All cultural sites, exhibitions, and most importantly – the Olympic fencing and taekwondo events hosted at Grand Palais itself, proceeded smoothly without issues. The 36 museum shops continued operating normally as well in an autonomous fashion.
Ransom note but no known data exfiltration
The initial ransomware actors left a note demanding payment in cryptocurrency for stolen data. However, preliminary investigations by Rmn and assisting French authorities like ANSSI revealed no signs of any data being exfiltrated from the breached systems.
Hijacked account may be source of infection
LeMagIT editor Valery Marchive shared credible evidence suggesting the ransomware could have originated from hijacking the account of a Grand Palais Rmn collaborator. The threat actors may have infected the individual using malware to steal their system credentials, facilitating initial access. No ransomware groups have taken credit, leaving the true perpetrators still unknown.
In this serious ransomware attack against a critical French cultural institution during the Olympics, French authorities and Rmn appear to have acted swiftly to contain damages. Further forensic investigations aim to fully understand attack vectors and prevent future incidents disrupting cultural activities and events. The tourism and economic impacts of successful cyberattacks on global events like the Olympics could be immense, emphasizing the importance of cybersecurity precautions for all organizations involved.