Cyber Incident Victim: City of Évreux
Date:
Dec 2020
Location:
France
Summary
The City of Évreux and its agglomeration suffered a ransomware attack, leading to a system-wide lockdown to prevent further intrusion. This resulted in severely degraded or non-functional phone and internet services, disrupting municipal operations. Officials confirmed no ransom demand was received but acknowledged challenges in performing routine administrative functions, including weddings, during the outage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In mid-December 2020, the City of Évreux and the Évreux Portes de Normandie agglomeration in France experienced a disruptive ransomware attack that forced a widespread shutdown of municipal systems. The attack occurred approximately one week prior to December 18, 2020, though the exact date of initial compromise remains unspecified in public reporting. Upon detecting the intrusion, administrators deliberately disabled networked systems to contain the threat and prevent further attacker access. This containment strategy resulted in significant degradation of basic municipal services, with telephone and internet connectivity severely impaired or completely non-functional across affected infrastructure. Municipal operations reliant on digital systems faced paralysis, though physical services continued where possible. The mayor confirmed no ransom demand had been received by authorities at the time of initial reporting, distinguishing this incident from typical ransomware operations where payment demands accompany encryption. Forensic analysis and recovery efforts commenced immediately following system isolation, though technical details regarding attack vectors, malware variants, or data compromise were not disclosed publicly.
The prolonged system outage forced city officials to evaluate contingency plans for essential civil functions typically managed through digital platforms, including marriage ceremonies requiring civil registry access. Service disruptions persisted through December 18 with no definitive recovery timeline provided, indicating substantial technical challenges in restoring systems safely. Municipal authorities prioritized maintaining critical infrastructure manually where feasible while cybersecurity teams worked to eradicate malicious presence from networks. The coordinated response involved locking down all potentially vulnerable systems rather than selectively disabling compromised components, suggesting broad infrastructure impact or concerns about lateral movement. No evidence emerged during initial assessments indicating theft or exfiltration of citizen data, though comprehensive audits remained ongoing. France's national cybersecurity agencies provided unspecified support to local responders, as referenced in secondary reporting from France Bleu. The incident highlighted operational vulnerabilities in local government digital infrastructure, particularly regarding service continuity during extended cyber incidents affecting core administrative functions.