How Fleury Michon almost got seen by a ransomware

after have escaped due to a computer attack that targeted his French company Fleury Michon returned to the details of the this cyberattack during the workshop at the security bases in Monaco.

It should be noted that last April, did the company see these computer systems paralyzed by malware, a ransomware. The malware had damaged the operation of several servers that were useful for running applications that were essential to the business.

This article will also interest you: 5 measures to fight ransonware

It was at midnight that the attack started and unfortunately no ransom demand could trace back to the culprit. "We were really in the dark at this level, so we quickly convened a crisis cell and stopped the group's activities (…) Management is quickly informed, as well as partners and insurance companies. explains Anne Michel, one of the head of the deli company.

The company is not an OIV (Vital Importance Operator), so it was the insurance company that had to intervene by asking a cybersecurity company called "Intrinsec" to help. The specialists of the state preferred not to melee. Nevertheless the deli company to mention having informed ANSSI. "They still supported us, and it was quite reassuring for us," explained Anne Michelle. "One of our first things was to inform all the plant managers to explain why we were blocking production and what we were putting in place with the help of Intrinsec."

On the other hand, the transparency shown by French society is nevertheless to be welcomed. All the partners were able to be informed in real time of what happened and they did not hesitate to give more information when things were wrong: "We chose to be very transparent with them, so much so that some spontaneously offered us help.

the the real question arose at the time of the resumption of operations. "To rebuild safely, we have put in place a clean room, from two healthy workstations, and we have reconstructs logistics applications from these two stations. the factory managers had to go through these two posts to register their deliveries. It is this device that has allowed us to resume production Monday, April 15. »

that which led outside the world that everything had gone well and that the crisis had ended. But in reality the facts told quite another story: "From from a trades perspective, it is estimated that they have emerged from the crisis as of 30 April. For the first time, it was more complicated and we estimated that it had returned to normal operation at the beginning of July. »

In the days that followed, an in-depth analysis revealed that a total of 220 servers were corrupted by a malware whose strain is still unknown. On the pirate side, no information collected. They did not make any ransom demands perhaps because they did not have time. And so they're vanished. But in total, let's say the balance sheet is not that bad.

"The incident and the way it was handled also showed that the company's IT department had very competent people, ready to provide 24-hour 14-day access to this type of incident. And that could make it easier for us in the future: for the cybersecurity budget 2020, I think I can ask what I want," said Anne Michel.

Now access an unlimited number of passwords: