Bretagne Télécom

Bretagne Télécom operates as a French cloud services provider, delivering infrastructure and hosting solutions primarily to small business customers. Its core business involves managing and securing data for its clients through managed services, with its operations centered in France. The company's customer base is explicitly noted as comprising approximately thirty small businesses, indicating a focused market segment rather than broad enterprise or consumer services. This scale suggests a regional or niche provider within the French telecommunications and cloud market, though its exact market share or total revenue is not disclosed. The organization's services are built on maintaining client data on Windows-based servers, a technical detail revealed through the nature of the ransomware attack it suffered. Its role is that of a custodian for sensitive business information, making data integrity and availability critical to its value proposition. The incident report positions Bretagne Télécom within the broader trend of managed service providers becoming high-value targets for ransomware gangs due to their aggregated customer data. No information is provided regarding its ownership structure, parent companies, or subsidiary relationships, leaving its corporate governance context undefined.

The company's most documented public attribute stems from its response to a severe security incident in January 2020. The DoppelPaymer ransomware group exploited a critical, unpatched vulnerability in Citrix Application Delivery Controller (ADC) to breach Bretagne Télécom's environment. This attack resulted in the encryption of 148 Windows servers and a ransom demand of 35 bitcoin. The organization's distinguishing operational characteristic, as evidenced by this event, was its reliance on and successful execution of a robust backup and disaster recovery strategy using Pure Storage systems. Critically, Bretagne Télécom restored all affected customer systems without succumbing to the ransom payment, a outcome that directly contrasts with the common fate of many ransomware victims. Recovery times, however, varied significantly among its customers, indicating that while the backup infrastructure was effective, the restoration process had inconsistent efficiency. The attackers themselves claimed minimal data exfiltration, stating they found "nothing interesting," which may reflect either the security of Bretagne Télécom's data segregation or the attackers' assessment of the stolen information's value. This incident underscores the provider's competency in backup management as a defensive pillar, while also highlighting the persistent risk from unpatched enterprise software vulnerabilities. The event serves as a case study in ransomware resilience for similar mid-sized cloud and managed service providers, demonstrating that payment avoidance is technically feasible with adequate preparation, even when preventive security controls fail.