French version: 🇫🇷
In the past few weeks, ANSSI became aware of cyber attacks targeting French local authorities. These attacks involved ransomwares whose use resulted in several encrypted files. The origin of these attacks is still unknown, and investigations are in progress. However, ransomware attacks are usually opportunistic and driven by a lucrative purpose.
This document aims at describing the behaviour of the intrusion set involved in these attacks, as well as providing related indicators of compromise.