Greater Paris wastewater agency dealing with cyberattack

The organization that manages wastewater for nine million people in and around Paris was hit with a cyberattack on Friday.

Service public de l'assainissement francilien – known by its acronym SIAAP — manages nearly 275 miles of pipes throughout four French departments.

The organization said on Friday that it filed a complaint with the judicial police and National Commission on Informatics and Liberty (CNIL) following the discovery of a cyberattack.

IT teams have worked since Wednesday to secure industrial systems and close off all external connections in order to prevent the attack from spreading.

Officials said they have prioritized measures that allow them to “maintain the continuity of the public sanitation service for Ile-de-France residents.”

“The SIAAP crisis unit remains mobilized to manage the aftermath of this attack and support the continuity of the work of all of its agents from this week in a working environment largely degraded by the current situation,” they said, according to a machine translation of the statement.

“This mobilization will continueuntil a return to normal can be ensured.”

The organization has set up local systems to answer any questions from the public and said they are in constant communication with various government agencies about the situation.

The statement was accompanied by an emergency order from Thursday authorizing officials at the organization to hire outside cybersecurity firms and purchase any equipment necessary to recover or restore systems needed for them to continue their work.

No hacking group has taken credit for the attack, but water authorities have been a prime target for ransomware gangs eager to target critical services in possession of sensitive customer information.

In May, an Italian company that provides drinking water to nearly half a million people experienced some technical disruptions following a ransomware attack and the water utility of Porto, Portugal's second-largest city, dealt with its own ransomware attack in February.

South Staffordshire Water, which supplies water for more than 1.7 million people in England, was severely damaged by a ransomware attack in August 2022. The agency that manages Puerto Rico’s water supply was forced to call in the FBI to investigate a ransomware attack in March.

U.S. law enforcement agencies said ransomware gangs hit five U.S. water and wastewater treatment facilities from 2019 to 2021 — and those figures did not include three other widely-reported cyberattackson water utilities.

The problem has gotten so bad for so many water utilities that last week, the U.S. cybersecurity agency announced a new voluntary pilot program offering “cutting-edge cybersecurity shared services” to water utilities and other critical infrastructure organizations.