French construction giant Bouygues Construction has become the latest organization to confirm it had been hit by a major cyberattack, joining the ranks of other companies who have suffered from ransomware attacks and data leaks.
In a press release, the French firm said it had shut down its computer networks in an effort to prevent a ransomware attack from spreading.
“A ransomware-type virus was detected on Bouygues Construction’s computer network on 30 January,” the company’s statement reveals.
“As a precautionary measure, information systems have been shut down to prevent any propagation,” it added.
To date, the company assures that its teams are currently working on “returning to normal as quickly as possible,” with the help of cybersecurity experts. Installations are also reported to be on progress and operational activity on their construction sites remain undisrupted.
“All our personnel are working flat out to ensure that our operations continue as smoothly as possible under these conditions, so that impact on our customers and partners is minimised. We are in close contact with them and with the relevant authorities.”
“The Group will issue a further update early next week,” the statement ended.
The incident, which was later discovered to be orchestrated by the cyber-criminals behind the Maze ransomware, is reported to have encrypted 237 computers and over 1,000 Terabytes of data.
To date, it remains unknown how much data was stolen from Bouygues Construction. However, as claimed by Bleeping Computer, since “the Maze Ransomware operators are known to steal a victim’s data before encrypting the computers, the threat actors will likely try to extort Bouygues Construction by threatening to publicly release their data unless a ransom is paid.”
Bouygues Construction is among the latest firms to had been victimized by the Maze ransomware over the past week. Other affected companies include five law firms, all of which are believed to have had sensitive data stolen.
“We’ve recently seen multiple Maze ransomware attacks and data leaks, particularly in the US which prompted the FBI to put out warnings late last year. The attacks on Bouygues are thought to have spread from their US operations and widely disrupted their global IT operations,” Matt Walmsley, EMEA Director at Vectra, told Information Security Buzz.
“Ransomware is an insidious threat spreading virulently at machine speed across the victim’s internal networks, and there are no perfect defences. With these type of high velocity attacks, time is the defending security team’s most precious resource,” he added.