Menu
Browse

Cyber Threat Actor: Ransomed

Actor Type Location Known Incidents
 Icon
Criminal
France
1 incident
Profile

Ransomed isa threat actor known by that alias and is associated with France, as indicated by the location attribute in the available reporting. The actor came to public attention through a ransomware incident that occurred on February 3, 2023, targeting Lumila, a subcontractor of the French national railway company SNCF. In this attack, the threat actors successfully compromised a single workstation at one of Lumila’s sites, deploying ransomware to encrypt data on that system. Following the compromise, the attackers issued a ransom demand, although the exact amount requested has not been disclosed in any public source. The nature of the malware used, the initial access vector employed, and any additional tooling or tactics associated with the operation remain unspecified in the referenced material.

The incident prompted an immediate response from specialized cybercrime units, which launched an investigation to determine the full scope of the breach and to identify the perpetrators. Despite the investigative effort, publicly available sources confirm that the complete extent of the data exfiltration or system impact has not been ascertained, and the ransom amount remains unconfirmed. SNCF issued a statement clarifying that its own networks were not endangered because the IT systems of Lumila were isolated from those of the railway operator, thereby preventing lateral movement of the ransomware. No further details regarding Ransomed’s broader activity, typical targets, strategic objectives, or affiliations have been made public in the sources provided. Consequently, the profile is limited to the confirmed facts surrounding this single reported ransomware event.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources