Ransomware group Brain Cipher have taken responsibility for a cyberattack on dozens of French National Museums during the Olympic Games earlier this month. The group have said they will leak 300 GB of stolen data, but have revealed nothing about the nature of the information.
Institutions overseen by Réunion des Musées Nationaux – Grand Palais (RMN-GP) were targeted by an attack which allegedly stole data from the system used by the organization to ‘centralize financial data’.
A countdown has been posted on Brain Cipher’s blog post to indicate the leak will take place at 20:00 UTC.
Brain Cipher Group
There were no reported disruptions to the Olympic events hosted by the institution, which included taekwondo and fencing and the organization confirmed that no operational impact, encrypted systems, or extracted data was detected.
The French Cybersecurity Agency (ANSSI) confirmed it was alerted to the attacks and provided assistance to RMN-GP, but asserted that the incident did not affect systems related to the Olympic Games.
The group taking credit for the attack only emerged in June of this year, but have previously targeted a number of industries, including medical, educational, and manufacturing organizations, as well as Indonesian government servers.
The group apologized for any disruption caused by the attack on the Indonesian servers, claiming that it was acting as a penetration tester, and that it released a decryptor to restore locked files without pressure from the government.
Researchers believe the group developed its ransomware payload based on the Lockbit 3.0 builder (also known as LockBit Black) which is well known and easily deployed, but in turn can be easily detected and mitigated.
Via The Register