Cyberattack Strikes the Grand Palais RMN; Impact Appears Limited

Overnight on Saturday, Aug. 3, cyberattackers struck the computer systems belonging to the Réunion des Musées Nationaux et Grand Palais (RMN), a French cultural institution that oversees dozens of museums, shops, and exhibitions, as well as around 100 publications.

In its own words, RMN is "neither a museum nor a gallery, but an unidentified creature on the cultural landscape." This summer, its namesake Grand Palais complex has hosted various Olympics-related exhibitions and events, including fencing and Taekwondo competitions.

Between Aug. 3 and 4, RMN fell victim to a purported ransomware attack. Defenders quickly responded, and the organization reported little impact to any of its many related institutions.

France's Anti-Cybercrime Brigade has opened an investigation into the incident. According to the country's penal code, fraudulently accessing a data processing system is punishable by three years' imprisonment, and deleting or modifying the data therein adds another two years on top.

What (Seems to Have) Happened

Le Parisien was the first to report that a weekend attack against RMN involved ransomware. The attack targeted the system that centralizes financial data across its various related institutions. It suggested that a cryptocurrency ransom was involved, that data had been exfiltrated, and that organizations like the Louvre were affected.

In an Aug. 6 press release, however, the RMN said it had discovered no signs of data exfiltration. Meanwhile, the Louvre's chief of staff, in a post to X, denied that the attack had affected it.

The Grand Palais director clarified to reporters, "This only concerns our internal network of shops, and not even the other activities of the RMN-Grand Palais. We immediately disconnected everything that was vital and called on the special state unit that deals with this type of problem, the French Computer Security Agency."

RMN noted that even those potentially affected shops "are operating normally, autonomously and the museums and their bookshops remain open to the public under the usual conditions."

Hackers' Underwhelming Performance at the Olympics

"Everyone expected the Olympic Games to be the target of cyberattacks," says Dr. Martin J. Kraemer, security awareness advocate at KnowBe4. If this attack was the best the bad guys have got, though, it will have been underwhelming.

"Attackers have used ransomware attacks on other occasions to cover the tracks of something else," Kraemer adds. "This might be the case here. However, it seems more likely that the scheme is a quick exploit and nothing else in this case."

Still, there are five more days of the Olympics to go. "It will be interesting to watch the situation unfold on the world stage," says Josh Jacobson, director of professional services at HackerOne. "There continues to be a significant risk of attacks against the event’s associated venues, attendees, and spectators. Fake ticketing sites, social engineering campaigns or phishing attacks still pose a significant risk until the games end and beyond that."