Leak at Cogitis
On 31 December 2024, the DragonForce ransomware gang listed Cogitis — a French inter-municipal IT syndicate serving local authorities — on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.
- Victim
- Cogitis
On 31 December 2024, Cogitis — a French syndicat mixte (inter-municipal IT joint authority) that provides systems integration, digital services and IT consulting to local authorities and public bodies — was claimed as a victim by the DragonForce ransomware group, which posted the organisation on its dark-web leak site.
DragonForce operates a ransomware-as-a-service model and, like most modern extortion groups, exfiltrates data before encryption to pressure victims into paying. The attackers published a sample as proof and advertised roughly 81 GB of stolen data. Because Cogitis manages information systems on behalf of numerous communes and public entities, the exposure reaches beyond the syndicate itself to the administrations it serves.
Categories of exposed/affected data reported by the operators and trackers include:
- Internal documents and operational files
- Personal data relating to the public bodies and their users
- Email and Microsoft 365 / DNS infrastructure information
The intrusion is estimated to have occurred around mid-December 2024, with the leak listing appearing on 31 December 2024. Cogitis did not publicly confirm a ransom payment, and the resolution and full scope of the incident remain unconfirmed.
Sources
- ransomware.livehttps://www.ransomware.live/id/Q29naXRpc0BkcmFnb25mb3JjZQ==
- breachsense.comhttps://www.breachsense.com/breaches/cogitis-data-breach/
- redpacketsecurity.comhttps://www.redpacketsecurity.com/dragonforce-ransomware-victim-cogitis/