CAPSO
| Primary URL | Location | Industry |
|---|---|---|
| www[.]agglo-saintomer[.]fr | Country: France | Technology |
Profile
CAPSO's digital service acted as the primary cybersecurity responder during a ransomware attack against the municipality of Saint-Martin-lez-Tatinghem on June 21, 2023. The incident targeted the town's digital systems, leading CAPSO to implement immediate containment measures that included isolating affected machines and disconnecting internet access to prevent lateral movement. These actions were taken while critical municipal services, such as schools and technical departments, were maintained in operation, though email systems and town hall operations faced significant disruption. The attack resulted in partial data encryption and raised concerns about the potential theft of personal information stored on municipal servers. CAPSO's intervention was part of a pre-existing relationship providing digital services to the local authority, positioning them as the first line of defense in this public sector cyber incident. Their technical response focused on preserving data integrity and halting the attack's progression within the municipal network infrastructure.
Following the initial containment, CAPSO advised the municipal authorities against paying the demanded ransom, a decision aligned with official cybersecurity guidance. The organization then collaborated with specialized cybersecurity agencies and national law enforcement to conduct a forensic investigation into the breach's origins and scope. This joint effort aimed to identify the threat actors and assess the full impact on compromised data. Throughout the recovery process, CAPSO assisted in restoring secure access to preserved documents and systems for the municipality. The incident concluded with public advisories issued by the town, based on recommendations from CAPSO and investigators, warning residents about possible fraudulent use of any exfiltrated personal data. This event highlighted CAPSO's role in incident response and recovery for a local government client, demonstrating capabilities in crisis management, digital forensics coordination, and public communication support following a significant security breach. The organization's actions were confined to the technical and investigative phases of this specific attack on its client's infrastructure.
