Cyber Incident Victim: Mairie de Fleury-les-Aubrais
Date:
Jun 2024
Location:
France
Summary
The municipality of Fleury-les-Aubrais experienced a major cyberattack that paralyzed all municipal services after hackers compromised its entire IT infrastructure, including computers and servers. Attackers left a ransom note demanding payment in three installments, discovered following initial email disruptions. Critical operations such as civil registry, school enrollments, cafeteria management, and urban planning were severely disrupted, forcing staff to rely on paper records. The incident also jeopardized preparations for upcoming legislative elections, requiring manual coordination with poll workers and alternative plans for transmitting results. Municipal teams disconnected all systems as a precaution and collaborated with regional cybersecurity responders to restore data access while maintaining limited phone-based communication.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyberattack on Fleury-les-Aubrais municipality commenced on the morning of June 24, 2024, with initial detection of email system disruptions affecting both inbound and outbound communications around 8:30 AM. By approximately 4:30 PM that same day, municipal IT personnel discovered a concealed English-language file within the town hall's servers, accompanied by a ransom demand from threat actors specifying payment in three installments without disclosing the exact amount. This intrusion resulted in complete paralysis of all municipal computer systems and servers, described by Mayor Carole Canette as functionally equivalent to physical destruction of all devices. Immediate operational impacts included suspension of civil registry services (births, marriages, deaths), disruption to school meal provisioning and enrollment processes, and halting urban planning operations that forced staff to manually retrieve paper records for deadline verification. The municipality implemented emergency containment measures by physically disconnecting all computer equipment, effectively shutting down digital operations across departments to prevent further system compromise.
Response efforts involved collaboration with the regional Computer Security Incident Response Team (CSIRT) to restore data access while maintaining critical services through analog alternatives. A significant secondary impact emerged regarding imminent legislative elections scheduled for June 30, with compromised printing capabilities preventing production of voter lists and electoral documents. Municipal authorities developed contingency plans to contact election assessors via telephone for attendance confirmation and arranged to transmit preliminary results phonetically before physical delivery to the prefecture. Public communication channels were partially restored by June 26 through reactivation of the main switchboard number (02 38 71 93 93) for basic inquiries. The attack's comprehensive disruption affected all administrative functions without exception, creating operational dependencies on paper-based workflows and interpersonal coordination where digital systems remained inaccessible. No restoration timeline or ransom payment status was disclosed in available reporting as response teams continued recovery efforts under emergency conditions.