The Grand Palais Réunion des musées nationaux (Rmn) in France is warning that it suffered a cyberattack on Saturday night, August 3, 2024.

Grand Palais Rmn is an institution responsible for managing several museums and cultural sites in France. It oversees various aspects of the museum’s operations, including exhibitions, cultural programming, and operations.

The institute itself is a historic site and an exhibition hall in Paris, currently hosting major art exhibitions and cultural events that are part of the Olympic Games, including the fencing and Taekwondo competitions.

On Monday, Le Parisien reported that operational disruptions at Grand Palais Rmn were caused by a ransomware attack, according to the media outlet’s internal sources.

However, claims that the attack affected other museums, including the prestigious Louvre—which is especially vital during the current tourism boom—were disputed on X by the Louvre’s director, Matthias Grolier.

French media Sud Ouest reports that the attack caused the Grand Palais Rmn to shut down systems to prevent the spread of the attack, disrupting the bookstores and boutiques at numerous museums in France. However, a solution was created that allowed the stores and boutiques to operate autonomously.

The Grand Palais Rmn says the cyberattack has no other impact on the museums under its management, which continue to operate normally.

“No impact has been observed on the operations of the Grand Palais, where the Olympic events on Sunday proceeded without any issues,” reads the announcement about the incident.

“As for the 36 museum shops managed by the Grand Palais Rmn, they are operating normally, autonomously, and the museums and their shops remain open to the public under usual conditions.”

Grand Palais Rmn says it immediately informed ANSSI (France’s cybersecurity taskforce), the National Commission on Informatics and Liberty (CNIL), and the Ministry of Culture about the cyberattack.

ANSSI is currently helping in the remediation and network restoration process, while preliminary investigations have not unearthed any signs of data exfiltration from the compromised systems.

However, the threat actors allegedly left a ransom note demanding a payment in cryptocurrency or they would leak data stolen in the attack.

LeMagIT’s editor-in-chief Valery Marchive reports there’s credible evidence the attack might have been caused by a hijacked account of a collaborator of Grand Palais Rmn, whose credentials were stolen by info-stealer malware.

No ransomware groups have assumed responsibility for the attack, so the threat actors remain unknown.