Victims of a widespread computer attack the day before the first round of municipal elections, the city of Marseille and its metropolis are still paying the price. They remain, in fact, a month later still largely affected. An additional difficulty when France has been confined for almost a month, a period during which telework is de rigueur.
"Unprecedented in its scale", the cyber attack that occurred during the night of March 13 to 14 had been described as "massive and widespread" by the second city of France and by the Metropolis Aix-Marseille-Provence, a community which brings together 92 municipalities in the Southeast. "Our servers have been 90% encrypted against a ransom note," said the Metropolis, which on Friday expected a return to normal around May 20, explaining that it had to "rebuild a complete system".
>> READ ALSO - Coronavirus: taking advantage of the crisis, hackers attack
"These are all the digital services of the Metropolis that have been affected to different degrees of severity including information systems and management of human resources, pay, finances", explained to AFP this community. "The operational operating tools of the services but also part of the telephony, websites and services to users", are also affected, she added. To be able to work telework, the agents were encouraged to use an internet access via a personal Wifi network, the internet access of the Metropolis having been cut.
Videoconference work systems were deployed in a few days to allow the greatest number of agents to maintain their essential activities, specifies Aix-Marseille-Provence which employs some 8,000 agents.
Some services restored
The town hall of Marseilles which does not communicate on the scale of this cyber attack nor on its consequences, nevertheless underlines that the computer tool for the payment of the invoices and the treatment of the public markets was restored. Similarly, the telephone number of "Allô mairie" which enables Marseillais to contact its services has been restored. On the other hand, the registration of civil status declarations, such as numerous deaths during this pandemic period, is done manually.
"The municipal services are working tirelessly to return to normal," said the city without giving a date. The city of Martigues (49,500 inhabitants), which had also been affected by this cyberattack, said that it had resolved its problems ten days ago. The National Information Systems Security Agency (Anssi), asked to provide its technical expertise, said two days after the cyber attack that some 300 machines had been rendered inoperative in all three communities.
A "rancongware" at the origin of the computer attack
The "ransomware" used against these three communities is called Mespinoza / Pysa, said Anssi. "Ransomware" is malware that prevents users from accessing their files via their computer or mobile device, for example by encrypting them for ransom. Complaints were lodged and the investigation was assigned to the Cybercrime Department of the National Police.
"Ransomware has become a huge threat in cybersecurity in recent years," said the platform "No more ransom!" put together by Europol, the Dutch police and cybersecurity companies to help users fight these attacks.