Skull and bone on screen showing ransomware attack on Olympic venue

2024 Paris Olympic Venue Hit by a Ransomware Attack

A ransomware attack has impacted a Paris Olympic venue, the Grand Palais exhibition hall, that hosted various Olympic events, including fencing and Taekwondo competitions.

Grand Palais is part of the Réunion des Musées Nationaux (RMN) network, which includes 34 cultural institutions, such as the Louvre, Musée d’Orsay, and Musée Picasso.

“We immediately disconnected everything that was vital and called on the special state unit that deals with this type of problem, the French Computer Security Agency,” said the Grand Palais director.

French authorities say the cyber attack targeted RMN’s central computer system, which consolidates financial data, but did not affect ongoing sports events or other systems.

French prosecutors investigate an Olympic venue ransomware attack

Paris prosecutors are working with France’s Brigade for Combating Cybercrime to investigate the Grand Palais Olympic venue ransomware attack and bring the perpetrators to book.

France imposes a three-year prison sentence for illegally accessing computer systems and an additional two years for modifying data. However, most Western countries grapple with apprehending international cybercriminals, usually operating in cybercrime havens like Russia.

France’s National Information Systems Security Agency (ANSSI) has confirmed being notified of the ransomware attack. Similarly, the Grand Palais Olympic venue has confirmed being a victim of the ransomware attack, while the Louvre has denied being impacted.

Meanwhile, threat actors have reportedly demanded an unspecified ransom amount and threatened to publish private financial data within 48 hours. RMN has not confirmed receiving any extortion demands and says it found no evidence of data exfiltration.

Grand Palais Olympic venue ransomware attack had limited impact

RMN says the impacted French museums operated autonomously, and thus, their services “remain open to the public under the usual conditions.”

“This only concerns our internal network of shops, and not even the other activities of the RMN-Grand Palais,” said the Olympic venue director.

ANSSI also says the Grand Palais Olympic venue ransomware attack does not affect “information systems implicated in the continuity of the Olympics and Paralympics.”

No hacking group has claimed responsibility for the Grand Palais ransomware attack, and the attack vector remains undisclosed.

“It is highly likely that the cyberattack on Grand Palais Rmn was initiated through stolen credentials,” said Rogier Fischer, CEO of Hadrian.

So far, the severity and frequency of the Paris 2024 Olympic cyber attacks failed to meet anticipated levels. On July 25, French Prime Minister Gabriel Attal warned that 2024 Paris Olympics cyber attacks were inevitable and the country was “more than ever a target.”

However, he asserted that the French cybersecurity agency, the ANSSI, was prepared to limit their impacts. Attal, who remains in office to maintain stability during the Olympics, further disclosed that 68 cyber attacks on the Paris 2024 Olympics had been thwarted.

Similarly, Google’s Mandiant also warned about Russian-linked Paris Olympics 2024 cyber attacks for disinformation, cyber espionage, disruption, and extortion. Russian hacking groups Anonymous Sudan, Killnet, Server Killers, NoName057, and UserSec pose the greatest risk to the Paris international multi-sport event. Pro-Kremlin hacking groups had released a deep-faked Tom Cruise movie to undermine the Olympics.

“Everyone expected the Olympic Games to be the target of cyberattacks,” says Dr. Martin J. Kraemer, a security awareness advocate at KnowBe4. “Attackers have used ransomware attacks on other occasions to cover the tracks of something else. This might be the case here. However, it seems more likely that the scheme is a quick exploit and nothing else in this case.”

“Fake ticketing sites, social engineering campaigns or phishing attacks still pose a significant risk until the games end and beyond that.”

“Incidents like these show time and again that preventive measures are essential but not foolproof, as sophisticated cyberattacks continually evolve, exploiting new vulnerabilities and human error,” Fischer added.

Cyber attacks frequently target art galleries and museums

Besides the Grand Palais ransomware attack, hackers have frequently targeted art galleries and museums, causing disruptions at critical moments.

In May 2024, Christie’s auction house suffered a RansomHub ransomware attack ahead of the May 14 Rosa de la Cruz Collection Sale and 21st Century Evening Sale, which were expected to earn $30 million and $100 million, respectively.

The ransomware attack also threatened to derail the 20th Century Evening Sale, which was expected to take place two days later and earn at least $500 million.

In late December 2023, Gallery Systems, a museum management software, suffered a cyber attack that disrupted online collections.