Cyber Incident Victim: La Caisse des écoles du Robert

On or around May 1, 2023, the Caisse des écoles du Robert, an organization in Martinique, fell victim to a significant cyberattack. The incident was publicly disclosed by the city of Robert in an official press release. The attack was characterized as being of a large scale, involving a direct and violent intrusion into the organization's systems. The attackers successfully encrypted the data residing on the server of the Caisse des écoles du Robert. This action rendered the data inaccessible to the organization's administrators and users. Following the encryption of the data, the perpetrators of the attack made a formal ransom demand. This demand was communicated directly to the leaders of the organization, stipulating that a payment was required in order to obtain the decryption key necessary to recover their encrypted data.

The attack on this institution occurred shortly after a similar cybersecurity incident targeted the Collectivité Territoriale de Martinique (CTM), suggesting a potential pattern of attacks focusing on entities within the Martinique region. The specific nature of the attack, involving data encryption followed by a ransom demand, categorizes it as a ransomware incident. The attack forced the Caisse des écoles du Robert into a severe and unprecedented situation, which the organization described as particularly grave. The immediate consequence was the complete unavailability of its primary database, crippling normal administrative functions.

In response to the incident, the organization initiated a complex recovery and restoration process. The city's communication indicated that retrieving and restoring the database was not a simple task but required a delicate intervention planned in several distinct stages. Due to the extensive damage and the complexity of the recovery effort, officials provided a public estimate for a return to normal operations, projecting that full restoration would be achieved by mid-June. This timeline of over a month underscored the severity of the disruption caused by the encryption of their critical systems.

To maintain essential public services during the prolonged recovery period, the Caisse des écoles du Robert was compelled to implement a business continuity plan. This plan was specifically designed to ensure the continuation of its core services despite the technical outage. The continuity measures involved a significant operational shift, moving all necessary processes to an entirely on-site, in-person model. The plan facilitated the continued operation of enrollment activities for programs and the processing of payments for activities. However, these critical functions could only be conducted on a face-to-face basis at physical locations, as the digital systems that would normally support remote or online transactions remained incapacitated. The establishment of this manual, on-site procedure was described as an exceptional modality, highlighting its temporary and emergency nature. A specific calendar outlining the schedule for these in-person operations was released to guide the public. The necessity of this plan highlighted the extensive impact of the attack on the organization's ability to function and serve its constituents in a normal manner. The incident at the Caisse des écoles du Robert represented a significant disruption to a public service entity, mirroring a similar challenge faced by another major regional administration and raising broader concerns about cybersecurity threats in the area.