Cyber Incident Victim: City of Chalon-sur-Saône

On the night between Saturday, February 20, and Sunday, February 21, 2021, the municipal computer systems of Chalon-sur-Saône and its surrounding agglomeration experienced a cyberattack involving a crypto-virus. Frédéric Iacovella, Director General of Services for the City and Grand Chalon, publicly confirmed the incident to regional media outlet Journal de Saône et Loire on February 22. The attack resulted in file encryption across affected systems, disrupting municipal operations. At the time of reporting, authorities had not received any ransom demand from the threat actors, though cybersecurity observers noted some ransomware operators delay ransom communications as part of their tactics. The municipality's IT teams were actively assessing whether data exfiltration occurred prior to encryption, though no conclusive evidence of data theft had been established during initial investigations.

The incident followed a pattern of recent cyberattacks against French public sector entities, including prior breaches at Villefranche-sur-Saône Hospital and Dax Hospital, though no confirmed connection between these events was established. Municipal officials did not disclose technical specifics regarding the ransomware variant used or the exact scope of encrypted systems. Operational impacts included disrupted administrative services, though the municipality maintained essential functions through contingency protocols. Response efforts focused on forensic analysis to determine attack vectors, restore encrypted data from backups where possible, and evaluate potential data compromise. No public statements addressed remediation timelines or detailed containment measures beyond ongoing technical assessments by internal IT personnel.