The Grand Palais Réunion des musées nationaux (Rmn), an institution responsible for managing several prominent museums and cultural sites in France, announced it suffered a cyberattack on the night of Saturday, August 3, 2024. This attack has led to significant operational disruptions, especially affecting museum bookstores and boutiques.
Details of the Attack
The Grand Palais Rmn, a historic site in Paris currently hosting major art exhibitions and cultural events for the Olympic Games, reported the disruption on Monday via the French daily, Le Parisien. Internal sources confirmed the cause as a ransomware attack. While the Grand Palais itself remains operational, the attack forced the institution to shut down some systems to prevent the malware from spreading further.
There were initial claims that the attack affected other museums, including the prestigious Louvre. However, these were disputed on X by the Louvre's director, Matthias Grolier, who assured the public that the Louvre’s operations were unaffected.
According to the French media outlet Sud Ouest, the Grand Palais Rmn had to create a solution allowing its bookstores and boutiques to operate autonomously amidst the system shutdown. Despite these disruptions, the Grand Palais Rmn maintained that the cyberattack had no further impact on the museums under its management, which continue to function as usual. "No impact has been observed on the operations of the Grand Palais, where the Olympic events on Sunday proceeded without any issues," the institution stated.
Official Response and Investigation
In response to the attack, the Grand Palais Rmn promptly informed ANSSI, France's cybersecurity taskforce, as well as the National Commission on Informatics and Liberty (CNIL) and the Ministry of Culture. ANSSI is currently assisting with remediation and network restoration efforts. Initial investigations have found no evidence of data exfiltration from the compromised systems. Nevertheless, the attackers left a ransom note demanding payment in cryptocurrency and threatening to leak stolen data.
Rogier Fischer, CEO of the Netherlands-based cybersecurity service Hadrian, commented on the incident, suggesting that "it is highly likely that the cyberattack on Grand Palais Rmn was initiated through stolen credentials." Fischer emphasized the evolving nature of cyber threats, stating, "Incidents like these show time and again that preventive measures are essential but not foolproof, as sophisticated cyberattacks continually evolve, exploiting new vulnerabilities and human error. While prevention is a critical component of cybersecurity, it must be complemented by robust detection and response capabilities. This involves implementing advanced threat detection systems that can identify and respond to suspicious activities in real time."
LeMagIT's editor-in-chief Valery Marchive reported credible evidence that the attack might have been facilitated by a hijacked account of a Grand Palais Rmn collaborator, whose credentials were stolen using info-stealer malware. As of now, no ransomware groups have claimed responsibility for the attack, leaving the perpetrators unidentified.
Looking Forward
As the Grand Palais Rmn continues to collaborate with cybersecurity experts to secure its systems and prevent future breaches, it remains dedicated to managing and showcasing France’s cultural heritage. The institution is determined to enhance its cybersecurity measures and ensure the safety of its operations.
Further updates will be provided as the investigation progresses, and additional security measures will be implemented to safeguard the Grand Palais Rmn and the invaluable cultural assets it oversees.
Comments