Keyrus Victim of a Cyberattack by Ransomware

The consulting and integration company Keyrus was hit by ransomware which encrypted part of its computer systems. External technical experts were called in to assist.

After Altran and Sopra-Steria, it is the turn of another emblematic figure of information technology consulting companies to be in the sights of cyber hackers. The company said it was the victim of a global ransomware attack. “Despite the reinforced security measures applied on a daily basis to protect the data and the integrity of the IT resources connected and installed on its systems, some of these have been encrypted,” Keyrus said.

The origin of the attack has been identified without further details. Contacted for additional information, the group did not respond to our request. “This cyber attack is not surprising because overall we know that IT service providers are particularly targeted,” explained Laurent Besset, cyber defense director of i-Tracing and founding sponsor of Cesin. “We cannot say that the attackers will act by rebound to attack Keyrus customers. Encrypted data that may be of interest to hackers could undoubtedly concern elements of the architecture and security of client ISs. I remain very careful with the juxtaposition of this cyberattack with Kaseya even if it is very tempting to glue these two pieces together ”.

A remediation plan to restart the IS
Specialized in consulting (strategy, organization, performance management, etc.) and the integration of solutions, in particular in the fields of BI, big data and e-commerce, Keyrus has several hundred customers including Air France KLM, AP-HP, Biomerieux, Coliposte, Galeries Lafayette, La Grande Recre, the Ministry of Justice, Solvay, Vinci, … In 2021 the group achieved nearly 261 million euros in turnover and is present in 20 countries including the United States, China, Brazil and South Africa and has more than 3,000 employees.

Following this incident, the group indicates that it very quickly took isolation and security measures to contain the spread of the virus and protect the group’s customers and partners. “The Keyrus teams have surrounded themselves, in France and internationally, with technical experts in cybersecurity, some of whom have been appointed by the Keyrus insurance company, to analyze the causes as well as the operating mode of the attack” , indicates the company. A remediation plan to allow a gradual and secure restart of its IT systems and to ensure the continuity of its services and operations has also been initiated.