Bouygues Construction falls victim to ransomware

The French multinational has shut down its IT systems in response to the attack detected late last week.
Written by Asha Barbaschow, Contributor

Bouygues Construction has confirmed falling victim to ransomware that it detected across its network on January 30.

"As a precautionary measure, information systems have been shut down to prevent any propagation," the company said in a brief statement.

"Our teams are currently fully focused on returning to normal as quickly as possible, with the support of experts.

"Installations are progressively being put back into service after being tested."

Bouygues took to Twitter over the weekend to announce the attack.

"The @Bouygues_C computer network has been the victim of an act of cybercrime. We are doing everything we can to get back to normal as soon as possible. We are in close contact with our customers and partners as well as the relevant authorities," the company tweeted.

Bouygues said operational activity on its construction sites had not been disrupted, and that its personnel was "working flat out to ensure that our operations continue as smoothly as possible under these conditions, so that impact on our customers and partners is minimised".

"We are in close contact with them and with the relevant authorities," it added.

ZDNet understands the Maze ransomware group was behind the attack, with Bouygues' data being published online.

Maze recently created a website on the public internet where they listed all the victim companies who didn't pay and have started leaking some of their data.

Information relating to the victim's employees has included names, home addresses, phone numbers, social insurance numbers, banking details, and drug test results.

Bouygues is headquartered in France, but its Australian arm is currently contracted on a handful of civil projects, including Sydney's NorthConnex, Melbourne's Metro Tunnel, the Go Between Bridge -- a 280-metre bridge crossing the Brisbane River, and the Sydney Airport Link.

It is understood medical imaging and radiotherapy equipment provider United Imaging has also been hit by Maze, with a data dump available on the ransomware gang's website labelled "Australian".

Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia    


Editorial standards