Maritime Computer Emergency Response Team ADMIRAL dataset ADMIRAL dataset

Publicly disclosed information for this event

Index Number:
A yacht building company is hit on several sites. Cost estimated at 45 M€.
Day Month Year Country Activity Incident Type
18 February 2021 France Shipyard Virus/Ransomware


The victim, a prestigious multinational corporation in the boating industry, faced a cyberattack that disrupted its IT infrastructure. The company, which holds a significant market presence with its diverse range of boats and leisure homes, recognized the intrusion during the night of February 18 to 19, prompting an immediate and comprehensive shutdown of its information systems.

According to sources, the attack compelled several production units, especially in France, to either slow down or completely cease operations for a few days. In response, the company deployed backup applications and systems to resume activities in a secure yet degraded mode while conducting thorough investigations to fully restore all systems. Despite the disruption, the financial impact of the incident is reportedly covered by the company’s insurance policies.

Following the attack, the victim has been working diligently with cybersecurity experts and authorities to mitigate the consequences. Further details regarding the incident's implications on the company’s financial results were anticipated to be shared in a subsequent report on the annual revenues for the year ended December 31, 2020, with an estimated impact of 45 M€.



Claimed/Reported Threat Actor




Main impact



Recommendations to Shipyard to reduce Virus/Ransomware risks:

  • Map, understand, patch and secure your exposed assets on the Internet.
  • Implement email filtering systems to detect and block phishing emails.
  • Train your organisation, personnel regularly against these threats.
  • Install efficient Endpoint Detection and Response (EDR) tools.
  • Work with your CSIRT organization to better understand the Tactics, Techniques and Procedures used by threat actors.
  • Monitor your IT and OT systems to quickly detect potential pre-ransomware activity.
  • Implement an efficient offline backup policy.
  • Encrypt all sensitive data to avoid further data leaks.
Previous Next
Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness, quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and support to the victims of attacks.
Files generated on Monday, 11th December 2023.
ADMIRAL is licensed under the Creative Commons CC-BY-NC license. Copyright © France Cyber Maritime 2023.