Cyber Incident Victim: Commune de Dammartin-en-Goële
Date:
May 2024
Location:
France
Summary
The Commune de Dammartin-en-Goële experienced a major cyberattack attributed to Russian-speaking hackers, who compromised municipal servers using Lockbit 3.0 ransomware. The infection disrupted multiple services, forcing operations into degraded mode indefinitely, with critical files and documents rendered inaccessible. Investigations by municipal IT teams and gendarmerie cyber units are ongoing to assess the full scope of the breach, while parallel efforts focus on server cleanup and restoration to resume normal operations. The municipality acknowledged significant operational impacts but has not yet determined the extent of data or network compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 26, 2024, at 16:20 local time, the municipal systems of Dammartin-en-Goële in Seine-et-Marne, France, experienced a major cyberattack. Russophone hackers breached the town’s servers despite existing security measures, deploying Lockbit 3.0 ransomware that infected numerous files and administrative records. The attack forced multiple municipal services—including unspecified critical functions—into degraded operational modes, significantly disrupting routine operations. Municipal authorities immediately acknowledged the incident publicly through their official website and Facebook page, confirming the ransomware’s presence but disclosing no initial details about data theft or encryption demands. Technical teams detected the intrusion rapidly, though the attackers’ exact entry vector remained unconfirmed. By the evening of May 26, the municipality reported having no visibility into the full scope of compromised systems or data, emphasizing uncertainties about network integrity and potential exposure of sensitive information. Services reliant on infected servers faced immediate accessibility issues, though emergency protocols prevented total operational collapse. No third-party entities or regional infrastructure were reported as collateral victims in initial assessments.
Municipal IT personnel and the French Gendarmerie’s dedicated cyberattack response unit initiated parallel investigations on May 26 to analyze breach origins, contain residual threats, and evaluate data compromise. Concurrently, technical teams began server cleanup and reconstruction efforts to restore baseline functionality, though the municipality warned of indefinite delays before full recovery. No ransomware group claimed public responsibility for the attack by May 28, and authorities did not disclose whether communications with attackers occurred. Operational continuity measures kept essential services running at reduced capacity, with priority given to public-facing functions. The town issued formal apologies for disruptions but provided no specific timeline for resolution, citing the complexity of forensic analysis and system rebuilding. As of May 28, no additional breaches or secondary incidents had been reported, with recovery efforts remaining ongoing and no further technical details released about attacker methodologies or defensive countermeasures.