September 29, 2023

The French city of Sartrouville is recovering from a cyberattack that limited services last week.

In a press release on Friday, city officials said their IT department is recovering from a “limited-scale assault” that affected city servers on August 17.

Sartrouville has more than 50,000 residents and is about 45 minutes outside of Paris.

While the city’s statement doesn’t say whether it was a ransomware attack, officials explained that their backup systems allowed them to speed up the recovery process.

“The assault, which happened on August 17, only targeted certain computer servers at the town hall. The technical teams instantly took measures to contain and neutralize the incident,” they said.

“Because of their vigilance and speedy response, the impact of the assault was restricted.” The city also notified the government’s OCLCTIC cybercrime authority.

Officials noted that the city’s IT department has set up a “sturdy” backup system that allowed them to preserve critical data and “reduce disruption to the operation of municipal services.”

Pierre Fond, mayor of Sartrouville, touted the backup system and thanked the IT department for its work.

“We wish to assure our residents that all crucial measures have been taken to resolve this situation as quickly as possible,” he said. “Our IT team is working tirelessly to restore all of our services.”

The Medusa ransomware gang took credit for the attack on Saturday, posting the municipal government to its leak site, according to cybersecurity expert Dominic Alvieri. Le Parisien, which first reported the incident, confirmed that city officials found the Medusa ransomware on their systems.

The newspaper noted that while the local police department was spared, the hackers gained access to the city’s financial information, budgets, banking details, medical records and information on local schools.

The group has been behind several brazen incidents in 2023, including a wide-ranging attack on Tonga’s state-owned telecommunications company in February, an Italian company that provides drinking water to nearly half a million people and Minneapolis’ public school district.

In an advisory last year, the Cybersecurity and Infrastructure Security Agency warned that Medusa operates as a Ransomware-as-a-Service (RaaS) model and typically gives affiliates 60% of ransoms while keeping the rest.

“Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks,” they wrote in a joint memo with the U.S. Department of the Treasury and the Financial Crimes Enforcement Network last year.

“The MedusaLocker actors encrypt the victim’s data and leave a ransom note with communication instructions in every folder containing an encrypted file.”

Several French governments and companies have faced off with ransomware gangs in the last year. The islands of Guadeloupe and Martinique have both dealt with ransomware incidents that limited services while a large hospital and a major mobile phone network were hit with attacks last year.

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.