Cyber Incident Victim: Paris-Normandie
Date: Nov 2020
Location: France
Summary
A French newspaper fell victim to a ransomware attack that severely disrupted its operations, crippling all computer systems and preventing website updates for over a day. The incident forced the publication to consolidate multiple regional print editions into a single issue during confinement, significantly limiting its distribution capabilities. Technical disruptions persisted from the initial overnight attack through the following day, paralyzing both digital and physical production workflows. No timeline for full restoration was disclosed.
Description
On November 18, 2020, the French regional newspaper Paris-Normandie experienced a disruptive cyberattack that severely impacted its operations. The incident began during the overnight hours between Tuesday, November 17, and Wednesday, November 18, when attackers compromised the newspaper's computer systems. By 1:00 PM on November 18, staff discovered they could no longer update the organization's website, though printing operations initially continued. The newspaper publicly acknowledged the incident via Twitter on the morning of Thursday, November 19, confirming a cyberattack had affected all computer systems. This comprehensive system compromise forced editorial and production teams to work with limited technological capabilities as the attack progressed.

The ransomware attack caused significant operational disruptions across both digital and print platforms. Website updates remained impossible for at least 24 hours following the initial detection, depriving readers of online content. Print operations suffered severe constraints, with the newspaper abandoning its standard practice of producing three separate regional editions during France's COVID-19 confinement period. Instead, only a single consolidated regional edition could be published on November 19. No technical details about the ransomware variant or specific containment measures were disclosed publicly. The incident demonstrated how critical infrastructure failures could simultaneously disrupt digital services and physical production capabilities in media organizations.
