Cyber Incident Victim: Bordeaux-Gironde Chamber of Commerce and Industry
Date: Jun 2021
Location: France
Summary
A ransomware attack targeted the Bordeaux-Gironde Chamber of Commerce and Industry, disrupting operations; firewall defenses prevented the attackers from exfiltrating data. Network access was blocked, which caused a half-day switchboard outage during which calls were redirected. Email remained accessible, but files and business formality services were unavailable. The organization refused ransom demands and reported the incident to law enforcement. Although ransomware deployment was prevented during the detected suspicious activity, operational disruptions occurred as systems were proactively shut down to contain the threat.
Description
On June 25, 2021, the Bordeaux-Gironde Chamber of Commerce and Industry (CCI) experienced a ransomware attack that disrupted its operations. The organization’s firewall successfully prevented attackers from exfiltrating data, but the attackers blocked access to the network. This resulted in partial system outages affecting multiple functions. The switchboard remained non-functional for half a day, though calls were rerouted to alternative extensions. Email systems remained accessible, but staff could not access files or the company formalities center, a critical business service. No data compromise was confirmed due to the firewall’s intervention. Officials publicly disclosed their refusal to pay an unspecified ransom demand and filed a formal police complaint following the incident. The attack caused tangible operational friction but did not completely paralyze communication channels.

CCI’s response emphasized non-cooperation with threat actors, though the attackers’ identity and specific ransomware variant remained unidentified. A company spokesperson provided conflicting information, stating that while suspicious activity was detected, ransomware had not been installed and no ransom demands were made. This contradicted initial reports of a ransom demand being issued and refused. The incident’s primary technical impact centered on blocked network access rather than data theft, with containment measures focusing on existing security infrastructure like firewalls. Business continuity was partially maintained through call redirection and email access, though file and formality services were fully interrupted. No recovery timeline or long-term operational consequences were disclosed in available reports.
