SI, Content, Networking

Ransomware Attacks IT Consulting Firm But Doesn’t Spread to Customers

Global IT consulting firm Inetum Group suffered a ransomware cyberattack on December 19. The attack impacted "certain operations" in France, but did not impact Inetum's operations outside of the country, according to a statement from the company.

Among the cyberattack details that Inetum Group disclosed:

  • None of the main infrastructures, communication, collaboration tools or delivery operations for Inetum clients has been affected.
  • Within the affected Inetum perimeter, all servers have been isolated and client VPNs have been switched off.

Read between the lines and the cyberattack may have a silver lining: It apparently was not an MSP-oriented supply chain attack -- which means it did not extend across multiple service providers and downstream customers.

Inetum Engages ANSSI, Security Incident Response Consultant

Inetum Group is working with ANSSI (French Network and Information Security Agency) to investigate the attack. There is no indication that the event involved the Log4j vulnerability.

Moreover, Inetum has hired a security incident response company to assist with the investigation and cleanup, though the security consulting firm's name was not disclosed.

Inetum did not disclose how many and what type of internal systems were hit in the attack, nor did the digital transformation company disclose a potential timeline for the recovery of such systems.

Inetum has roughly 27,000 employees across more than 25 countries.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.