Bouygues Construction Paralysed By A Major Cyber Attack – Experts Insight

French media is reporting that the Bouygues Group’s construction subsidiary has been hit by a massive ransomware attack. The entire computer network has been affected, and all of the company’s servers shut down. A ransom of 10 million Euros has been requested, and at least 200GB of data already stolen.

Experts Comments

February 03, 2020
Sam Curry
Chief Security Officer
Cybereason
It's important to not leap to conclusions prematurely when anyone is hit with a cyberattack. With Bouygues being hit by ransomware, let's keep in mind that even the strongest of people can still be sucker-punched. Cyber attacks are the new norm and no defence is perfect. The post mortem in this attack will be very important to Bouygues, and to the world of critical infrastructure at large. As more and more traditional power, manufacturing and construction networks are connected, the models for.....Read More
It's important to not leap to conclusions prematurely when anyone is hit with a cyberattack. With Bouygues being hit by ransomware, let's keep in mind that even the strongest of people can still be sucker-punched. Cyber attacks are the new norm and no defence is perfect. The post mortem in this attack will be very important to Bouygues, and to the world of critical infrastructure at large. As more and more traditional power, manufacturing and construction networks are connected, the models for security from the world of PCs and servers have another dimension and a massive increase in footprint. None of us know exactly what occurred inside Bouygues as they weather this storm, but we all wish them the best in recovery and will wait to hear the after-action report. At the end of the day, this new attack is a call to enterprises, government agencies and companies of all sizes to prepare in peacetime for when the unthinkable happens. Organisations need strong prevention and detection tools to ensure that any damage that occurs can be minimised. Recovery is paramount and continual improvement and learning after the discovery is critical. We live in a world with expanding network footprints that have billions of connected devices and attentiveness, diligence and patience are required to minimise risk and turn the tables on adversaries.  Read Less
February 03, 2020
Matt Walmsley
EMEA Director
Vectra
We’ve recently seen multiple Maze ransomware attacks and data leaks, particularly in the US which prompted the FBI to put out warnings late last year. The attacks on Bouygues are thought to have spread from their US operations and widely disrupted their global IT operations. Ransomware is an insidious threat spreading virulently at machine speed across the victim’s internal networks, and there are no perfect defences. With these type of high velocity attacks time is the defending.....Read More
We’ve recently seen multiple Maze ransomware attacks and data leaks, particularly in the US which prompted the FBI to put out warnings late last year. The attacks on Bouygues are thought to have spread from their US operations and widely disrupted their global IT operations. Ransomware is an insidious threat spreading virulently at machine speed across the victim’s internal networks, and there are no perfect defences. With these type of high velocity attacks time is the defending security team’s most precious resource. Early detection and response can make the difference between a contained, minimised incident or the situation of facing massive business disruption, a reported 10M euro ransom and all the reputational damage risks that Bouygues now face. We’re increasingly seeing cybercriminals gangs adapt their attics to become more targeted and focused on economic efficiency for their efforts, even to the point that attackers seek to publicise their attacks to increase pressure on the victims. So, seeing media attention, such large ransom demands, and threats of data leaks isn’t surprising.  Read Less
February 04, 2020
Dr. Muhammad Malik
Editor-in-Chief
Information Security Buzz
The threat actors behind the Maze ransomware attacks are responsible for this attack and they are known to steal the victim's data before encrypting it. If the data is also stolen, the threat actors can use this to threaten Bouygues Construction to publicly release their data unless a ransom is paid. The company has responded professionally by acknowledging the attack and this is vital step in responding to such cyber attacks. The ransomware Maze has hit a range of firms in the past including.....Read More
The threat actors behind the Maze ransomware attacks are responsible for this attack and they are known to steal the victim's data before encrypting it. If the data is also stolen, the threat actors can use this to threaten Bouygues Construction to publicly release their data unless a ransom is paid. The company has responded professionally by acknowledging the attack and this is vital step in responding to such cyber attacks. The ransomware Maze has hit a range of firms in the past including the US City of Pensacola, Allied Universe (security company) and Southwire (cabling giant). The ransomware uses RSA-2048 and ChaCha20 encryption and normally requires the victim to contact the threat actor by email for the decryption key. The following mitigation techniques can be used to prevent such an attack: ⦁ User Education Security effectiveness rating: Good ⦁ Backup your critical data Security effectiveness rating: Excellent ⦁ Restrict Internet access Security effectiveness rating: very Good ⦁ Continuous security monitoring Security effectiveness rating: Excellent ⦁ Keep your system patched and configured in secure manner Security effectiveness rating: Excellent ⦁ Restrict administrative access Security effectiveness rating: Excellent  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts