Cyber Incident Victim: Ville de Houilles
Date:
Jan 2021
Location:
France
Summary
The city of Houilles suffered a cyberattack that severely disrupted its municipal IT infrastructure, paralyzing the website, email systems, and digital services for processing requests. The South Korean-origin malware caused operational failures, with authorities prioritizing containment over investigating an associated ransom note. This incident aligned with a wave of attacks affecting other French municipalities, including one publicly linked to the Ranzy threat actors through their leak site despite lacking corroborating evidence at the time.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The town of Houilles in Yvelines, France, experienced a disruptive cyberattack beginning on January 30, 2021, which significantly impaired municipal operations. The attack targeted the city's digital infrastructure, paralyzing its official website and crippling IT systems responsible for email communications and electronic request processing. Municipal authorities publicly confirmed the incident through social media announcements on the same day, disclosing their inability to send emails or handle digital administrative procedures. Internal technical assessments identified the malware as originating from South Korea, though no specific attribution to a threat group was provided by the city. Officials acknowledged the presence of a ransom note associated with the attack but explicitly stated they were not actively searching for it, indicating a deliberate choice not to engage with the attackers' demands. The immediate operational consequences included a complete halt to paperless administrative services, forcing residents to rely on alternative channels for municipal interactions.
Houilles' response focused on containment measures to prevent further propagation of the malware within its network, though technical specifics of these actions were not disclosed publicly. The incident occurred amid a broader pattern of cyberattacks targeting French municipalities, with Alfortville cited as another recent victim. The Ranzy ransomware group listed Alfortville on its leak site around the same period, though no data proofs were published at the time of reporting and no direct connection was established between the two incidents. Houilles' administration did not provide timelines for full service restoration or details about data compromise, focusing communications on the operational disruptions and containment efforts. The attack underscored vulnerabilities in local government IT infrastructure, mirroring challenges faced by other municipalities managing digital transitions under increasing cyber threats.