Cyber attack: Afnor admits to being confronted with Ryuk ransomware
On Twitter, the French standardization association speaks modestly of a "technical problem" with its websites. Its press service, fortunately more transparent, mentions the Ryuk ransomware.
by Valéry Marchive, Editor-in-chief
Posted on: Feb 19, 2021
Ironically, when the President of the Republic, Emmanuel Macron, announced this Thursday, February 18, at noon, the allocation of one billion euros to cybersecurity as part of the recovery plan, Afnor was shutting down the services it exposes on the Internet, starting with its website.
Initially, and again this afternoon, the French standardization association reported a "technical problem" in response to those who wondered about the situation on Twitter. The library of the University of Angers warned at the same time about the unavailability of a database dependent on Afnor, indicating: "following a cyber attack, Afnor had to interrupt its services".
Reached by telephone, on his initiative, a spokesperson for the association admitted that it was a “large-scale” cyberattack and that it led to the detonation of ransomware: Ryuk. But there are no details at this stage, either on the extent of the encrypted systems or on the chronology of the attack.
Since the beginning of the year, Ryuk has been observed in Houilles, at the Dax hospital center, and at the Villefranche-sur-Saône hospital. And that would not be a coincidence. According to our sources, the operators of Ryuk, Darkside and REvil are currently proving particularly active. For the first of these, we will particularly remember the attack on Sopra Steria last fall.
The French standardization association is in any case preparing for several weeks of in-depth cleanup before being able to relaunch all of its services. And we can hope that this will be an opportunity to modernize an infrastructure, certain elements of which, exposed on the Internet before the attack, were aging, to say the least.
Afnor is unfortunately not the only organization to extend the list of ransomware victims in France since the announcements of the President of the Republic. The town hall of Pontault-Combault indicates on its website that it was struck on Tuesday, February 16. It specifies that it notified the CNIL of the attack. This suggests that it was less fortunate than Afnor and was hit by a group practicing double extortion, and thus having stolen data.
Our ransomware victim count in France is therefore already 12 for the month of February, and is most likely an underestimation of reality.
These attacks underscore that the blow dealt to Emotet - once frequently used to distribute Trickbot or Qakbot before a Ryuk or Egregor deployment - did not make the threat go away, because Emotet was far from being the only threat to email. In this context, it remains just as important to take care of your DNS records, and to put in place the means to detect, then block, a possible intrusion. And, preferably, to identify the warning signs before Ryuk detonates.