Updated: Nov 8, 2021
The French association in charge of standardisation, Afnor, has been the victim of a cyber attack that disrupted its operations. The cause: the Ryuk ransomware. A new attack that reminds us of the urgency to better protect companies and public organisations.
An association under the supervision of the Ministry of Industry, Afnor is responsible for leading and coordinating the process of developing standards and promoting their application.
It also participated in the development of the Cyber Expert label used by Cybermalveillance to direct victims of cyber attacks towards the best professionals in the sector.
Following this attack, the association saw its organisation severely disrupted: website, online services, email and phone lines unavailable.
Afnor first indicated on social networks that it was the victim of "a technical problem and that it was doing everything possible to restore services as soon as possible". Before acknowledging that it was the victim of a large-scale attack. After the attack on AFNOR, the ANSSI teams were called in to investigate, diagnose and repair the systems.
A well-knowed ransomware to French services
Ryuk: A ransomware unfortunately already known to have caused havoc in two French hospitals: Dax and Villefranche sur Saône. As a result, the government has drawn up various points to strengthen the protection of health establishments, in particular by setting up an observatory on the level of cybersecurity in hospitals.
While waiting for the incident to be resolved, Afnor is working on creating "remote solutions" and setting up alternative communication channels to respond to its customers' requests.
Although no data leakage has been noted to date within Afnor, this type of cyberattack nevertheless raises questions about the types of targets concerned
(public services, hospital services, etc.), their recurrence and their impact.
To respond quickly to this type of attack, the government has announced a series of measures:
Setting up a permanent observatory of the security level of health establishments.
Work on raising awareness of cyber risks to be included in training courses
Strengthening the national cyber health surveillance service
Increasing the digital and cyber health budget by €350 million
It should be noted that the government also plans to invest €7 billion in the digital transition, including €1 billion dedicated to upgrading public services. All of these budgets should enable "moving towards more robust systems".
It should be remembered that AFNOR (for Association française de normalisation) has been at the heart of the French standards development process since its creation in 1926. It issues the famous NF and AFAQ standards for tangible and intangible goods. It also issues certifications on the subject of digital and cyber security.