The Grand Palais in Paris, a historic exhibition hall and current Olympic venue, has disclosed a cyberattack that occurred over the weekend. On August 3rd, evidence of a cyber intrusion was discovered by a security specialist and venue authorities promptly shut down systems to prevent its spread.
Shortly after the incident, attackers contacted the venue to demand a ransom, threatening to publish the financial data they had obtained if their demands were not met within 48 hours. The specific amount of money requested remains undisclosed, and it has not been made public whether or not the venue negotiated with the attackers. The Grand Palais has taken immediate measures to mitigate the impact and continues to collaborate with French cybersecurity authorities to investigate and resolve the issue.
Preliminary reports suggest the attack may have been facilitated by stolen credentials from a collaborator, obtained through info-stealer malware. No ransomware group has claimed responsibility for the attack at this time.
Despite the cyber intrusion, the historic venue, currently hosting significant Olympic events such as fencing and taekwondo competitions, has assured that operations continue without major disruptions.
Why It Matters: The cyberattack on the Grand Palais highlights the vulnerability of critical infrastructure during high-profile events like the Olympics and the intent of threat actors to strike when the world is watching. While authorities have successfully managed to prevent major disruptions thus far, this incident serves as a stark reminder that cyber threats can strike at any time and heightened awareness, effective mitigation strategies, and comprehensive recovery plans continue to be the key elements for a successful cyber defense.
- Timeline of Events: The ransomware attack on the Grand Palais was discovered on the night of August 3, 2024. By August 4, the attackers had demanded a ransom, threatening to leak stolen data if not paid. On August 5, the Grand Palais publicly disclosed the cyberattack, assuring that Olympic events would continue as planned.
- Immediate Response: Quickly after the attack, the Grand Palais promptly informed ANSSI, CNIL, and the Ministry of Culture. ANSSI is aiding in the remediation and network restoration process, with initial investigations showing no data exfiltration from compromised systems.
- Olympic Events Unaffected: Despite the cyberattack, Olympic events at the Grand Palais proceeded without issues. The institution confirmed that the 36 museum shops managed by the Grand Palais are operating normally, ensuring public access remains uninterrupted.
- Preparation by the Olympic Committee: The Olympic Committee anticipated potential cyber threats and implemented thorough cybersecurity protocols in collaboration with French authorities. These preparations were instrumental in minimizing the impact of the ransomware attack on the games.
Go Deeper -> France’s Grand Palais Discloses Cyberattack During Olympic Games – Bleeping Computer
French Police Probe Ransomware Attack on Grand Palais Olympic Venue – Reuters