Cyber Incident Victim: Ville de Morlaix
Date:
Sep 2023
Location:
France
Summary
The town of Morlaix experienced a ransomware attack disrupting its computer systems, leading to the closure of all municipal email addresses and impacting internal software. Physical and telephone public receptions remained operational across services, while the website and online services stayed accessible with potential processing delays. Two affected servers were immediately isolated for investigation, with the National Cybersecurity Agency alerted. Analysis indicated an attempted data encryption, consistent with ransomware tactics, though no threat actors claimed responsibility or issued explicit ransom demands at the time. Recovery efforts involved coordination with regional and national authorities to restore normal operations securely.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 21, 2023, the municipal government of Morlaix, France, detected a cyberattack targeting its computer systems in the morning. The attack disrupted email communications across all city services, prompting their immediate closure. Physical and telephone reception services remained operational for public access to all municipal departments. The city’s public website and online services stayed accessible but experienced slower processing times due to the incident. Technical teams initiated analysis and processing actions to contain the breach. Morlaix officials collaborated with State services and the Morlaix Communauté urban community to coordinate response efforts. Mayor Jean-Paul Vermot confirmed the isolation of two compromised servers to facilitate forensic investigations into the attack’s origin. The municipality alerted France’s National Agency for the Security of Information Systems (ANSSI) following incident detection. Internal software systems and the city’s entire email messaging platform became non-functional due to the attack.
By September 22, municipal employees resorted to manual processes using paper and pens while awaiting system restoration. Investigators suspected ransomware involvement based on observed attempts to encrypt municipal data, though no threat actor had claimed responsibility or issued ransom demands at the time of reporting. The attack’s origin remained under active diagnostic review, with no confirmed attribution to specific threat groups. This incident marked the second ransomware attack against a Breton municipality within a month, following an August 2023 breach against Betton that resulted in leaked personal data. Regional cybersecurity patterns included additional attacks against Breton organizations, such as a March 2023 incident affecting Brest University Hospital and service disruptions caused by a compromised IT service provider. Morlaix authorities prioritized secure system restoration while maintaining essential public services through alternative channels during recovery operations.