Cyber Incident Victim: Grand Palais
Date: Aug 2024
Location: France
Summary
A ransomware attack targeted the Grand Palais and multiple museums, including the Louvre, compromising financial data from a centralized system used across forty institutions. Attackers encrypted the data, demanded a ransom in cryptocurrency, and threatened to leak the information unless contacted within 48 hours. The incident occurred during an Olympic-related weekend but did not affect systems critical to the Games, according to cybersecurity authorities. An investigation led by France's cybercrime unit is underway, focusing on charges including data system breaches and organized extortion.
Description
The ransomware attack targeting the Grand Palais and affiliated museum systems occurred during the night of August 3-4, 2024, coinciding with the Olympic weekend in Paris. The Grand Palais' IT director detected anomalous activity within the organization's information systems and issued an alert confirming an ongoing ransomware intrusion. Attackers deployed malware to encrypt financial data managed through a centralized IT system shared by forty French museums, including the Louvre. This system processed transaction records from retail operations within the museum network. The perpetrators employed a dual-extortion strategy, first demanding cryptocurrency payments in exchange for decryption keys to restore access to the locked data. Concurrently, they threatened to publicly release the stolen financial information unless contact was established within 48 hours, leveraging the potential reputational damage and operational disruption to pressure victims.

French authorities launched an immediate criminal investigation led by the Cybercrime Prevention Brigade (BL2C), citing charges of unauthorized access to automated data systems, organized extortion, and criminal conspiracy. The National Cybersecurity Agency of France (ANSSI), already engaged in Olympic Games security oversight, provided incident response support but confirmed the compromised systems were unrelated to Olympic or Paralympic operations. No details regarding ransom payment, data restoration methods, or specific financial impacts were disclosed in available reporting. The attack's primary operational consequence was the encryption of financial records across the museum network, though broader disruptions to visitor services or cultural operations remained unconfirmed. Investigative efforts focused on identifying the attackers and mitigating further data exposure risks while affected institutions worked to restore normal operations.
