Databack success stories: When local authorities face up to cybercrime
Communes, départements, régions… Local authorities are also hard hit by cybercrime, and particularly by ransomware attacks. Recently, our laboratory was once again called upon by a local authority that had suffered a major attack.
Case study: ransomware attack on a conurbation
Since 2020, several French local authorities have been targeted by large-scale computer attacks: the cities of Marseille, La Rochelle and Angers, as well as the Aix-Marseille-Provence metropolis, the Grand-Est region and many others…
Last October, Databack was once again called in by a local authority to recover its data following a ransomware attack. This time, the hackers took advantage of the weekend to paralyze all the town’s services, including those of the community of communes to which it belongs. The attack totally paralyzed the agglomeration’s activity, as all services became inaccessible, including the messaging system and telephones.
The IT department’s first action was to shut down all network systems in order to limit the damage caused by the attack as much as possible.
In addition, the town hall was supported by a CERT (Computer Emergency Response Team) in managing the incident. Our laboratory regularly collaborates with several of France’s leading CERTs to assist organizations following ransomware attacks. Once again, we were called in urgently to recover data essential to the resumption of activity in this urban area.
Agglomeration data recovery steps
The very first step was for Databack to organize, with the teams on site, the repatriation of the backup NAS that had been attacked by the hacker. As soon as they received the NAS, our on-call team ran an initial diagnostic on the BTRFS-formatted partition on the NAS RAID volume. During the attack, the partition had been reset, and the NAS RAID configuration had been changed from RAID5 to RAID0 in order to make access to the data as difficult as possible.
Our French laboratory’s expertise in RAID5 and BTRFS data recovery enabled us to recover all the ACRONIS backups that were present before the attack. Once they were recovered, an integrity test was run to confirm that they were usable. The data was returned on a password-protected hard disk for reintegration.
As a result, the town hall and its associated community of communes were able to resume their activities rapidly, without any loss of data. In particular, the IT department’s excellent reflex of quickly disconnecting the network blocked any further destruction by the hacker and significantly increased the chances of recovery.
Cybercrime and local authorities: how to protect yourself from attack?
When it comes to cybersecurity, there are a number of preventive measures you can take to reduce the risk of cyberattacks:
- Back up your data regularly (using cloud computing and independent, disconnected storage media: NAS servers, tapes, etc.);
- Keep your operating systems, software (especially antivirus software), web browsers and plug-ins up to date;
- Avoid risky behaviour and make your employees aware of it (opening emails or attachments of dubious origin, visiting unsecured websites, etc.);
- Train your staff and appoint a digital security officer;
- Set up a crisis management system and a disaster recovery plan in the event of an attack.
The ANSSI (Agence nationale de la sécurité des systèmes d’information – French national agency for information systems security) also raises awareness of IT security issues among local authorities, through guides, awareness kits and infographics.
30 November 2021