Cyber Incident Victim: Hôtel-restaurant l'Ecu de France

On May 2, 2022, the Hôtel-restaurant L'Écu de France in Malesherbes, France, experienced a disruptive cyberattack that compromised its operational systems. The attack rendered the establishment’s software inaccessible and encrypted critical business data, forcing staff to revert to manual processes for daily operations. CEO Lorraine Grosmangin confirmed the encryption of data and disclosed that affected hard drives had been sent to a specialized recovery firm in an attempt to retrieve the information. Despite these challenges, the business remained open throughout the incident, though its operations were significantly hindered by the loss of digital systems. The attack underscored the vulnerability of small businesses to cyber threats, with Grosmangin emphasizing that such incidents "don’t just happen to others."

The establishment filed a formal complaint with the Malesherbes gendarmerie on the morning of May 3, 2022, initiating a law enforcement response. While the attack encrypted operational data, human resources records remained unaffected, limiting some potential liabilities. Staff maintained limited communication capabilities using personal laptops to access email accounts, and the business continued to accept phone inquiries. A ransom demand accompanied the attack, with attackers explicitly stating, "If you want me to return the computer, it’s a hundred euros!"—though no further details about payment or negotiation were disclosed. The incident highlighted the broader rise in cybercrime within the Loiret region, disrupting the hotel-restaurant’s workflows while demonstrating its resilience through continued service amid manual record-keeping and recovery efforts.