Bouygues Construction Paralysed By A Major Cyber Attack – Experts Insight

By   ISBuzz Team
Writer , Information Security Buzz | Feb 03, 2020 03:50 am PST

French media is reporting that the Bouygues Group’s construction subsidiary has been hit by a massive ransomware attack. The entire computer network has been affected, and all of the company’s servers shut down. A ransom of 10 million Euros has been requested, and at least 200GB of data already stolen.

Notify of
3 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Dr. Muhammad Malik
Dr. Muhammad Malik , InfoSec Leader & Editor-in-Chief
February 4, 2020 8:59 am

The threat actors behind the Maze ransomware attacks are responsible for this attack and they are known to steal the victim\’s data before encrypting it. If the data is also stolen, the threat actors can use this to threaten Bouygues Construction to publicly release their data unless a ransom is paid. The company has responded professionally by acknowledging the attack and this is vital step in responding to such cyber attacks.

The ransomware Maze has hit a range of firms in the past including the US City of Pensacola, Allied Universe (security company) and Southwire (cabling giant). The ransomware uses RSA-2048 and ChaCha20 encryption and normally requires the victim to contact the threat actor by email for the decryption key.

The following mitigation techniques can be used to prevent such an attack:

User Education Security effectiveness rating: Good
Backup your critical data Security effectiveness rating: Excellent
Restrict Internet access Security effectiveness rating: very Good
Continuous security monitoring Security effectiveness rating: Excellent
Keep your system patched and configured in secure manner Security effectiveness rating: Excellent
Restrict administrative access Security effectiveness rating: Excellent

Last edited 4 years ago by Dr. Muhammad Malik
Matt Walmsley
Matt Walmsley , EMEA Director
February 3, 2020 11:56 am

We’ve recently seen multiple Maze ransomware attacks and data leaks, particularly in the US which prompted the FBI to put out warnings late last year. The attacks on Bouygues are thought to have spread from their US operations and widely disrupted their global IT operations.

Ransomware is an insidious threat spreading virulently at machine speed across the victim’s internal networks, and there are no perfect defences. With these type of high velocity attacks time is the defending security team’s most precious resource. Early detection and response can make the difference between a contained, minimised incident or the situation of facing massive business disruption, a reported 10M euro ransom and all the reputational damage risks that Bouygues now face.

We’re increasingly seeing cybercriminals gangs adapt their attics to become more targeted and focused on economic efficiency for their efforts, even to the point that attackers seek to publicise their attacks to increase pressure on the victims. So, seeing media attention, such large ransom demands, and threats of data leaks isn’t surprising.

Last edited 4 years ago by Matt Walmsley
Sam Curry
Sam Curry , Chief Security Officer
February 3, 2020 11:51 am

It\’s important to not leap to conclusions prematurely when anyone is hit with a cyberattack. With Bouygues being hit by ransomware, let\’s keep in mind that even the strongest of people can still be sucker-punched. Cyber attacks are the new norm and no defence is perfect. The post mortem in this attack will be very important to Bouygues, and to the world of critical infrastructure at large. As more and more traditional power, manufacturing and construction networks are connected, the models for security from the world of PCs and servers have another dimension and a massive increase in footprint.

None of us know exactly what occurred inside Bouygues as they weather this storm, but we all wish them the best in recovery and will wait to hear the after-action report. At the end of the day, this new attack is a call to enterprises, government agencies and companies of all sizes to prepare in peacetime for when the unthinkable happens. Organisations need strong prevention and detection tools to ensure that any damage that occurs can be minimised. Recovery is paramount and continual improvement and learning after the discovery is critical. We live in a world with expanding network footprints that have billions of connected devices and attentiveness, diligence and patience are required to minimise risk and turn the tables on adversaries.

Last edited 4 years ago by Sam Curry

Recent Posts

Would love your thoughts, please comment.x