Nearly 40 French museums reportedly affected by ransomware attack

Cybercriminals have reportedly attacked the system that centralizes the financial data of around 40 French museums in a ransomware attack over the weekend.

According to the local newspaper Le Parisien, the attack was detected by a security specialist at the Grand Palais museum — which is currently hosting an Olympic competition for fencing and martial arts — over the weekend.

Following the attack, access to Grand Palais servers was reportedly cut off. As a result, the 36 bookstores and boutiques at associated museums, such as the Louvre, the Palace of Versailles, Orsay and the Picasso Museum, were affected. The museums themselves did not have their operations disrupted.

The Louvre chief of staff, Matthias Grolier, wrote on X that contrary to what some media reported, the museum has not been targeted by the ransomware attack. “We remain vigilant. Solidarity with our colleagues who are victims of this attack,” he said.

Note de service 🚨: contrairement à ce qu’ont indiqué certains médias hier, le @MuseeLouvre n’a fait l’objet d’aucune attaque par rançongiciel. Nous restons vigilants. Solidarité avec nos collègues victimes de cette attaque. pic.twitter.com/TcZx85QK2w

— Matthias Grolier (@MatthiasGrolier) August 6, 2024

The unnamed hacker group behind the incident has demanded a ransom in cryptocurrency, threatening to release encrypted data within 48 hours if the ransom was not paid, according to the reports.

It’s not clear if the victims have negotiated with the hackers. There was no public statement regarding the attack, although the French security agency, ANSSI, which oversees the cybersecurity of the Olympic Games, told several local media that it was alerted about the incident and that the system affected by it wasn’t involved in the running of the Games. No data leak has been observed as of Tuesday, ANSSI said. The French police reportedly opened a criminal investigation into the attack.

It’s unclear if the attack is linked to the Olympics. Previously, researchers warned about the increase in cyberattacks from both nation-state hackers and cybercriminals exploiting the Olympic Games for either political or financial gains.

Big sporting events like the Olympics could be “an ideal opportunity for financially motivated cybercriminals to commit ransomware attacks,” said researchers at Recorded Future’s Insikt Group. The Record is an editorially independent unit of Recorded Future.

Companies involved in the event will be under significant pressure to maintain uninterrupted service and less prone to tolerate any downtime of core infrastructure that can disrupt proceedings and damage reputations.

Ransomware actors could use this to their advantage to extort high ransom payments from local businesses, researchers said.

Last week, France’s resigning Prime Minister Gabriel Attal said that the country’s security service thwarted 68 cyberattacks over the first few days of the Olympics, two of which targeted Olympic venues.

According to ANSSI, most of the reported attacks were of low intensity, such as distributed denial-of-service (DDoS) attacks, and no cyber incident affected the opening ceremony or the first events of the competition.