Paris Olympics ransomware attack hits famed Grand Palais venue


The historic Grand Palais museum complex, one of the sporting venues for the Paris Olympic Games, has been targeted by ransomware crooks, French cyber police revealed on Tuesday. Cybersecurity experts weigh in on the latest attack and what it means for the Paris Games.

Police said the cybercriminals had targeted the cultural site’s central computer systems, but the attack has not disrupted scheduled competitions at the complex.

The targeted systems are said to "centralize financial data" for brands located at the various institutions, a police source told Paris-based news outlet, Agence France-Presse (AFP), early Tuesday morning.

ADVERTISEMENT

The Grand Palais attack which took place over the weekend on Saturday evening was among roughly 40 other museums hit by the unnamed ‘organized gang,’ who threatened to release the financial data if a ransom demand was not paid within 48 hours, the 24-hour news agency reported.

France’s National Information Systems Security Agency (ANNSI) stated it was alerted to the incident and that a criminal investigation has been opened, providing no other details.

The police source told AFP the compromised systems were not involved with the Olympic games, also confirming that the world-famous Louvre was not one of the museums hit by the attackers.

French cyber agency prepared for Olympic attacks

Properly known as the Grand Palais des Champs-Élysées and located in the 8th arrondissement near the River Seine, the exhibition hall is hosting several Olympic events, including fencing and Taekwondo, Paris prosecutors said on Tuesday.

The Grand Palais management group, which also runs 36 other smaller museums in the French capital, released a statement verifying that all locations are operating normally and open to the public.

ADVERTISEMENT

The management group the Réunion des Musées Nationaux - Grand Palais stated that preliminary investigations showed no data was exfiltrated by the attackers.

Only one day before the Olympic opening ceremony kicked off on July 26th, French Prime Minister Gabriel Attal warned the public that cyberattacks during the Paris Olympic games would be “inevitable” and that the biggest challenge for ANSSI would be to “limit their impact.”

In June, Google's threat intel unit Mandiant warned that Russia’s nation-state-backed hacker groups presented the biggest threat to France during the Paris Olympics 2024, whether it be by conducting cyber scams, espionage, disinformation campaigns, or network disruptions.

Mandiant Olympic threats
Image by Mandiant.

“As this new ransomware attack hits just five days before the long-awaited 2024 Paris Olympics concludes, officials must remain vigilant for more cyberattacks on the horizon," said Kiran Chinnagangannagari, chief technology and product officer at cybersecurity services firm Securin.

With an estimated eight to twelve times more attacks expected than the Tokyo Games in 2021, the cybersecurity expert explained that Olympic security teams “critically depend on international cooperation” to protect against threat actors, whether “hacktivists, state-sponsored groups, or organized crime syndicates.”

Chinnagangannagari also pointed out that the Head of IT Security for Paris 2024 stressed its focus would be on preventing ‘sabotage operations.’

“Significant resources, training, and scenario planning have been dedicated to this effort, including maintaining the secrecy of the security center’s location,” Chinnagangannagari noted.

“Unsurprising – but potentially quite creative”

Josh Jacobson, Director of Professional Services at HackerOne called the Grand Palais ransomware attack “unsurprising – but potentially quite creative.”

ADVERTISEMENT

Jacobson said the outcome of this latest compromise could be beneficial to cybercriminals in myriad ways, impacting both attendees and Olympians, as well as the infrastructure and the people of Paris.

The HackerOne director provided two main examples:

  1. With the sheer number of venues scrambling to get their operations up and running after the attack, bad actors could rake in multiple ransom payouts across the victim pool and maximize financial gain.
  2. By targeting multiple locations, the threat actors could shift focus to ‘easier’ targets, using the unauthorized network access as a foothold into the Olympics’ broader IT systems.

“It will be interesting to watch the situation unfold on the world stage as there continues to be a significant risk of attacks until the Games end and beyond that,” Jacobson said.

Associated venues, attendees and spectators still need to watch out for “fake ticketing sites, social engineering campaigns, and phishing attacks,” he said.

“Who these cybercriminals target depends on what information they want to gather and from whom it could be nations targeting their own people to track dissent or criminals looking for financial gain,” he added.