Keyrus victim of a ransomware cyberattack

Read Time:2 Minute, 1 Second

The consulting and integration company Keyrus was hit by a ransomware that encrypted part of its computer systems. External technical experts were called in for reinforcement.

Keyrus announced

After Altran or Sopra-Steria, it is the turn of another emblematic figure of information technology consulting companies to be in the crosshairs of cyberpirates. The company has indeed indicated that it has been the victim of a global ransomware attack. “Despite the reinforced security measures applied on a daily basis to protect the data and the integrity of the IT resources connected and installed on its systems, some of these have been encrypted”, indicated Keyrus.

The origin of the attack has been identified without further details. Contacted for additional information, the group did not respond to our request. “This cyberattack is not surprising because globally we know that IT service providers are particularly targeted,” explained Laurent Besset, cyberdefense director of i-Tracing and founding sponsor of Cesin. “We cannot say that the attackers are going to act by rebound to attack Keyrus customers. The encrypted data that may be of interest to hackers could undoubtedly relate to elements of architecture and security of client IS. I remain very cautious about the juxtaposition of this cyberattack with Kaseya even if it is very tempting to glue these two pieces together”.

A remediation plan to restart the IS

Specialized in consulting (strategy, organization, performance management, etc.) and the integration of solutions, particularly in the areas of BI, big data and e-commerce, Keyrus has several hundred customers, including Air France KLM , AP-HP, Biomérieux, Coliposte, Galeries Lafayette, La Grande Récré, the Ministry of Justice, Solvay, Vinci, etc. In 2021 the group achieved nearly 261 million euros in turnover and is present in 20 countries including the United States, China, Brazil and South Africa and has more than 3,000 employees.

Following this incident, the group indicates that it very quickly took isolation and security measures to contain the spread of the virus and protect the group’s customers and partners. “The Keyrus teams have surrounded themselves, in France and abroad, with technical experts in cybersecurity, some of whom have been appointed by the Keyrus insurance company, to analyze the causes as well as the modus operandi of the attack” , says the company. A remediation plan to enable a gradual and secure restart of its IT systems and ensure the continuity of its services and operations has also been initiated.