Cyber Incident Victim: Grand Annecy
Date:
Dec 2020
Location:
France
Summary
The Greater Annecy agglomeration experienced a disruptive malware attack that compromised its servers and applications, necessitating their shutdown and halting all internet-dependent operations. Concurrently, a related cyberattack targeted a nearby hospital center, severely damaging its information system and impacting multiple hospital sites, long-term care units, and associated facilities. Both incidents underscored a broader regional threat, with critical infrastructure and public services suffering operational paralysis due to the malicious activity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the night of December 27-28, 2020, the Grand Annecy agglomeration in France suffered a malware attack targeting its computer systems. The intrusion necessitated an immediate shutdown of municipal servers and applications to contain the damage, disrupting all internet-dependent operations across the affected infrastructure. This emergency response rendered online services unavailable for an unspecified duration, impairing administrative functions that relied on network connectivity. The attack occurred exactly one week after a separate cyber incident impacted the Albertville/Moûtiers Hospital Center in Savoie, though no direct connection between the two events was established in available reports. Municipal authorities did not publicly disclose technical details regarding the malware variant used, the initial attack vector, or whether ransom demands accompanied the intrusion. Operational recovery timelines remained unclear from public statements, with restoration efforts presumably focused on rebuilding compromised systems following the forced shutdown.
The Grand Annecy incident coincided with ongoing disruptions at the Albertville/Moûtiers healthcare facilities, where a December 21 cyberattack had damaged hospital information systems. That separate attack affected acute care sites in Albertville and Moûtiers, along with long-term care units (Ehpad and USLD) at Claude Léger in Albertville and Les Cordeliers in Moûtiers. Both cybersecurity events occurred within the Savoie region within a seven-day period, though regional authorities made no official statements suggesting coordinated targeting. Neither incident report included forensic details about attacker methodologies, data compromise scope, or financial impacts. Grand Annecy's response remained strictly reactive, centered on infrastructure isolation through system deactivation rather than publicly disclosed remediation strategies or threat actor communications. The hospital attack similarly resulted in operational degradation without subsequent disclosure of recovery timelines or forensic findings.