Cyber Incident Victim: Office d'Equipement Hydraulique de Corse
Date: Nov 2022
Location: France
Summary
A ransomware attack by the LockBit 3.0 group targeted a Corsican hydraulic infrastructure agency, encrypting its data and demanding a cryptocurrency ransom. The organization refused negotiations, adhering to national cybersecurity authority guidelines. Critical operational services remained functional, but client management and financial systems, including historical accounting data, were rendered inaccessible by the encryption. Thirty-three servers were paralyzed, forcing immediate shutdowns. No data exfiltration had been confirmed, and the agency committed to notifying stakeholders of any potential breaches. Recovery efforts involved internal technicians, external providers, and national cybersecurity experts to restore full functionality promptly.
Description
The cyberattack targeting the Office d’Equipement Hydraulique de Corse (OEHC) began during the night of November 2–3, 2022, when the Russophone ransomware group LockBit 3.0 infiltrated the organization’s systems. Employees discovered the breach on the morning of November 3 upon encountering completely locked IT systems, rendering 33 servers inoperable. The attackers deployed ransomware, encrypting a significant portion of OEHC’s data, and demanded payment in cryptocurrency in exchange for a decryption key. The exact ransom amount was not disclosed publicly. LockBit 3.0’s attack paralyzed core operations, though OEHC clarified it did not store customer banking data, limiting certain financial risks.

OEHC’s leadership initially remained silent for approximately two weeks to assess the damage and coordinate a response. On November 17, 2022, the agency issued a formal statement confirming it had refused all contact or negotiation with the attackers, aligning with French authorities’ recommendations against paying ransoms. Technical teams from OEHC, its IT service provider, and France’s National Agency for the Security of Information Systems (ANSSI) collaborated to evaluate the impact. Essential services, such as water management, remained operational, while customer-facing functions were prioritized for restoration and expected to resume full functionality swiftly. The most severe disruption affected support activities, particularly accounting and financial management systems, where historical data encryption caused prolonged inaccessibility. OEHC implemented contingency measures to facilitate recovery but did not specify technical details or timelines. The organization committed to informing clients, partners, and employees of any confirmed data leaks resulting from the attack, though no evidence of data exfiltration was confirmed at the time of reporting.
