Cyber Incident Victim: Afnor
Date:
Feb 2021
Location:
France
Summary
The French standards organization Afnor suffered a large-scale cyberattack involving Ryuk ransomware, prompting it to shut down internet-exposed services including its website. A spokesperson confirmed the ransomware incident but declined to disclose specifics about the affected infrastructure or attack timeline at the time of reporting. The disruption coincided with a national cybersecurity funding announcement, though no operational or financial impacts were detailed publicly.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 18, 2021, coinciding with French President Emmanuel Macron’s public announcement of a €1 billion cybersecurity investment under France’s national recovery plan, the Association Française de Normalisation (Afnor) initiated an emergency shutdown of its internet-exposed services, including its public website. This action followed the detection of a significant cyberattack targeting the organization. A spokesperson for Afnor confirmed the incident involved the activation of Ryuk ransomware, characterizing it as a “large-scale” compromise. The attack prompted an immediate operational disruption, though the association did not disclose the specific timeline of the intrusion or the exact point of initial compromise. Afnor’s decision to sever internet connectivity represented a containment measure to prevent further propagation of the ransomware within its network and to external systems. The organization did not specify whether data exfiltration occurred prior to encryption or detail the ransomware’s entry vector.
The incident’s operational impact remained partially undefined in initial disclosures, with Afnor withholding specifics regarding the scale of affected systems, the duration of downtime, or the number of compromised endpoints. No information was provided about the restoration timeline for critical services or whether business continuity protocols were activated. The association’s public communications did not address whether the attack disrupted its standardization activities or affected partner organizations. Financial implications, including potential ransom demands or recovery costs, were not disclosed. Afnor’s limited transparency extended to omitting technical details about the Ryuk variant involved and any coordinated response with law enforcement or cybersecurity agencies. The incident highlighted operational challenges during a period of heightened national focus on cyber threats, occurring as French government initiatives sought to bolster organizational resilience against such attacks.