The Grand Est region falls victim to a malicious Valentine's Day gift!
On February 14, 2020, a large-scale cyberattack paralyzed the IT systems of 7,500 public servants. Elected officials in the Grand Est region (including Strasbourg, the region's capital) were affected. Computers in high schools in Champagne-Ardenne, Lorraine, and Alsace were also compromised by the same attack.
According to the investigation conducted by the judicial police, this appears to be a phishing cyberattack: an email requesting contact was sent by a hacker. (source: L’Est Républicain“Grand Est region: after the cyberattack, the response”).
This contained a Dridex-type Trojan horse. Once implanted in the Grand-Est region's internal network, the intruder spread discreetly and perniciously from machine to machine. Its objective: to deposit, at each stage, a cryptolocker whose ultimate goal was to carry out a ransomware attack. (Cryptolocker malware locks access. It then encrypts all the content of the operating system and applications.
How is the Grand Est region responding to the cyberattack?
In order to identify the source of the virus and respond as quickly as possible, the IT teams shut down the system. Internal software, the Wi-Fi and internet network, email, badges, and documents stored on the Grand Est region's shared servers: everything became inaccessible to some and out of service for others.
The region refused to pay any ransom and filed a complaint. Indeed, it should be remembered that paying a ransom condones the attackers' actions. It allows them to ensure the viability of their activity. They thus have sufficient financial resources to work on another virus.
The attack mobilized 40 people from IT Services and an external service provider who, assisted by CERT and ANSSI, responded very quickly.
Four days after the intrusion, IT Services authorized agents and elected officials to send emails with attachments.
The cyberattack did not result in the theft of financial or other sensitive files.
What lessons can be learned from the cyberattack?
“In the end, you can never be too prepared!”
As Delphine Gougeon, Secretary General of the Grand Est region, points out: since this event, the region has strengthened its security measures.
Indeed, digital technology, which is indispensable in contemporary society, is not 100% reliable.
According to Jérôme Notin, Director General of Cybermalveillance, "phishing is the leading source of support requests, and it opens the door to other types of hacking. We have also seen a sharp increase in ransomware"(source: JDN)... One of the cyberattacks facing several countries (for example, the resurgence of ransomware in Belgium since 2018).
