Ateliers Jean Nouvel Hit by Qilin Ransomware Attack

Incident Date: May 11, 2024

Overview

Title: Ateliers Jean Nouvel Hit by Qilin Ransomware Attack
Victim: Jean Nouvel
Attacker: Qilin
Location: Paris, France
First Reported: May 11, 2024

Ransomware Attack on Ateliers Jean Nouvel by Qilin Group

About Ateliers Jean Nouvel

Ateliers Jean Nouvel is a renowned French architectural firm founded by Jean Nouvel in 1994. The company is based in Paris and has grown to employ 140 people in its main office, with site offices in Rome, Geneva, Madrid, and Barcelona. Ateliers Jean Nouvel is currently working on 30 active projects in 13 countries and has an annual revenue of $7 million.

Known for its innovative and contextual approach to architecture, Jean Nouvel's designs focus on light, space, and innovation, incorporating natural elements to create immersive experiences. The firm has worked on iconic projects such as the Arab World Institute in Paris, the Louvre Abu Dhabi, and the National Museum of Qatar.

Ransomware Attack Details

Ateliers Jean Nouvel has reportedly been compromised by the Qilin ransomware group, which exfiltrated confidential documents, PII, and financial information. The group published a sample of the stolen data on its dark web leak site, threatening to release more if a ransom is not paid.

The company's high-profile projects and reputation in the construction sector make it a prime target for threat actors. The firm's extensive use of digital tools and data storage systems may have made it vulnerable to cyberattack.

About Qilin Ransomware Group

The Qilin ransomware group, also known as Agenda, is a prominent ransomware-as-a-service (RaaS) group that targets critical infrastructure organizations worldwide. The group uses a double extortion technique, exfiltrating sensitive data in addition to encrypting it, and demanding payment for decryption. Qilin ransomware is highly customizable and written in the Rust and Go programming languages, making it hard to detect and decipher.
