Cyber Incident Victim: Groupe Guyamier
Date:
Nov 2023
Location:
France
Summary
A transport group suffered a severe cyberattack causing complete operational paralysis, with all client files, email access, and IT systems rendered inaccessible. The incident forced an immediate shutdown of all computers after screens froze and a virus was detected, critically disrupting business activities. Attackers issued a ransom demand without specifying an amount, compounding challenges in contacting clients due to lost order records and communications. A 40-person crisis team was mobilized to prioritize urgent response measures and attempt partial service restoration. The organization, previously targeted in a less significant attack years earlier, described this as a devastating and far-reaching compromise of its servers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 29, 2023, Groupe Guyamier—a transportation conglomerate operating under multiple brands including Guyamier, Lacassagne, SMGE, and Atlantic Europe Express—experienced a severe cyberattack that began in the early morning. Employees across company facilities in Ambès and Cestas, Gironde, discovered frozen computer screens followed by the abrupt blocking of all Microsoft Office applications and internet access. Nicolas Guyamier, the group’s CEO, confirmed the immediate loss of all client files, email access, and IT directories, rendering critical business data unreachable. An internal IT expert identified a virus infiltrating the systems, prompting an emergency shutdown of all workstations to contain the spread. The attack paralyzed administrative functions, preventing access to order histories, customer communications, and operational documents. By midday, attackers issued a ransom demand to the company, though no specific monetary amount was disclosed. Operational disruption escalated as employees resorted to manual workarounds, unable to retrieve shipping schedules or client contact details stored digitally. Nicolas Guyamier described the incident as "tentacular," emphasizing the complete compromise of their servers and contrasting its severity with a comparatively minor attack the group had experienced five years prior.
A crisis response unit comprising approximately 40 personnel was activated by the evening of November 29 to prioritize urgent recovery tasks and prepare contingency measures for the following business day. The team focused on manually gathering client contact information from alternate sources to mitigate communication breakdowns affecting customer operations. Financial repercussions intensified for the €30 million-revenue enterprise, which employs over 200 staff and had earned a 2022 "Transporter of the Year" award, as the inability to process orders or coordinate logistics threatened service continuity. Nicolas Guyamier characterized the situation as "catastrophic," noting the total incapacitation of digital infrastructure and the absence of viable short-term restoration options. No data exfiltration or secondary impacts beyond system encryption and operational paralysis were reported in available disclosures.