Cyber Incident Victim: Isle-sur-la-Sorgue
Date: Apr 2021
Location: France
Summary
The City of Isle-sur-la-Sorgue experienced a ransomware attack in which hackers remotely encrypted all municipal servers, rendering files unusable, and demanded a €500,000 ransom for decryption. Despite the encryption, no data was permanently lost, because redundant backups were stored on an independent external server. Recovery required extensive work by technical services and IT specialists to restore systems over multiple days, and the municipality refused to pay the ransom. The attack was suspected to originate from abroad, but the specific threat actors remained unidentified.
Description
On April 9, 2021, at 4:42 AM, the City of Isle-sur-la-Sorgue in Vaucluse, France, experienced a ransomware attack that compromised its servers. Hackers remotely infiltrated municipal systems, encrypting all files and rendering them inaccessible for operational use. The attackers demanded a ransom payment of €500,000 in exchange for the decryption key required to restore access. Mayor Pierre Gonzalvès publicly confirmed the attack’s severity, noting it was the municipality’s first incident of this nature and characterizing the intrusion as likely originating from abroad. The encryption paralyzed administrative functions by making critical files unusable, though no data destruction or theft was reported. The attack was detected immediately upon encryption, as systems became non-functional at the documented intrusion time. City officials did not engage with the threat actors or consider paying the ransom, according to public statements.

The city mitigated data loss through pre-existing backups stored on an independent external server unaffected by the attack. Technical teams prioritized restoring systems by methodically recovering and reinstalling files from these backups, a process projected to require several days of concentrated effort. No secondary demands or threats of data leakage accompanied the ransom demand, so the impact was limited to operational disruption rather than a confidentiality breach. Municipal services faced prolonged downtime during recovery, though essential data remained preserved. At the time of reporting, restoration efforts were underway, and no further attacker activity or escalation had been reported following the initial encryption event.
