Caisse Centrale de Réassurance SA

Caisse Centrale de Réassurance SA, known also as CCR, is a French public reinsurer. Its core business consists of providing reinsurance protection against natural disaster risks. As a publicly owned entity, it operates under a mandate to support the nation’s catastrophe risk management framework. The company is headquartered in France and primarily serves the French insurance market. CCR’s offerings are tailored to cover perils such as floods, storms, earthquakes and other climate‑related events. By focusing exclusively on this niche, the reinsurer helps primary insurers manage large‑scale loss exposures. Its public status distinguishes it from private reinsurers operating in the same sector.

CCR’s specialization in natural disaster reinsurance makes it a notable actor in the French risk‑transfer landscape. In July 2022, the organization experienced a ransomware attack claimed by the previously unknown group Lilith. The attackers encrypted files and appended a ".Lilith" extension to the compromised data. Lilith threatened to leak more than one terabyte of stolen information unless demands were met. The incident caused significant service disruptions, including the temporary takedown of CCR’s website. Cybersecurity analysts subsequently examined emerging samples of the ransomware to understand its behavior. Although Lilith initially publicized the breach on its own platform, the claim was removed several days later and CCR did not issue any public comment during the initial media inquiries.