This morning, ransomware gang Brain Cipher posted the Réunion des Musées Nationaux (RMN) to its data leak site, alleging to have stolen over 300GB of data. This follows RMN’s systems suffering a crippling attack during the Paris Olympics in early August 2024. Brain Cipher was rumored to be the gang behind the attack at the time.
In its initial statement, RMN said “no data extraction has been detected.” But, with the majority of ransomware gangs stealing data as well as encrypting systems, it may have been too early to make such claims.
Even though causing maximum disruption to RMN’s museums and shops at one of their busiest times was likely the main motive behind the attack, stealing data will help shore up their chances of receiving a ransom payment. And, as we’re seeing, if one isn’t received, the stolen data can be put up for sale on the dark web. Reports suggested at the time that hackers had demanded a ransom for stolen ‘financial data’ but it is still unclear exactly what data is potentially involved. And with the attack affecting customer-facing shops, it could be significant.
Comparitech has contacted RMN for more information and will update the article if it responds.
Who is Brain Cipher?
Brain Cipher is a relatively new ransomware gang that posted its first claim in July 2024. Since then, we’ve tracked two confirmed attacks via this group and ten unconfirmed attacks.
Brain Cipher is a variant of the LockBit family. This was seen in the other confirmed attack on Indonesia’s national data center in which a LockBit variant was used to carry out the attack. But, in a dramatic turn of events, Brain Cipher then posted on its site to say it would hand the keys back for free after hopefully showcasing the need for specialists in the industry. This followed an initial $8 million ransom demand.
Ransomware attacks on government organizations
This attack on Réunion des Musées Nationaux et Grand Palais highlights a growing threat on government entities from ransomware groups. So far this year, we’ve tracked 107 attacks on government entities around the world with just over 134,000 records impacted across these attacks. The average ransom across these attacks is $1.83 million.
Ultimately, attacks on the public sector are done to carry out maximum disruption through encrypted systems and downtime. We can see this in the lower numbers of records affected in these types of attacks (when compared to other industries). This would suggest hackers aren’t necessarily going after data but are focusing on crippling key systems instead. However, as we’ve seen with RMN, most gangs will try to steal some data in the process, too.
About the Réunion des Musées Nationaux
Formed in 2011, the Réunion des Musées Nationaux is a French cultural umbrella organization that was established after the Grand Palais and Paris National Museums merged.