Cyber attack hits property arm of French bank BNP Paribas

PARIS (Reuters) - A global cyber attack has hit the property arm of France's biggest bank BNP Paribas BNPP.PA, one of the largest financial institutions known to be affected by an extortion campaign that started in Russia and Ukraine before spreading.

The logo of the BNP Paribas bank is seen in Paris, France, March 3, 2016. REUTERS/Jacky Naegelen/File Photo

The worldwide attack has disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300,000 computers last month.

The attack hit BNP’s Real Estate subsidiary, a BNP Paribas spokeswoman told Reuters, after a person familiar with the matter had said that some staff computers were blocked on Tuesday due to the incident.

“The necessary measures have been taken to rapidly contain the attack,” she said.

BNP Paribas Real Estate provides advisory, property and investment management and development services mostly in Europe.

It employed 3,472 staff at end of last year, with operations in 16 countries, and had 24 billion euros ($27.26 billion) in assets under management.

Many of the companies affected globally by the cyber attack had links to Ukraine although there is no indication that this was the case for BNP. It owns a bank in the country, UkrSibbank.

France’s financial sector regulator ACPR remained vigilant but there were no alerts concerning banks it supervises, it said in an emailed statement to Reuters.

Earlier this year following a similar attack, many banks in Europe said they had stepped up efforts to shield themselves.

BNP Paribas set up a dedicated department in 2015 called Information Security and Information Systems and launched a “transformation program” to upgrade its security systems.

Authorities including the European Central Bank have also checked their technology systems in recent years.

Among BNP's peers, France's Societe Generale SOGN.PA told Reuters on Tuesday it was not affected by the attack. Credit Agricole CAGR.PA and BPCE both declined to comment.

Banks generally have more robust cyber defenses than other sectors, because of the sensitive nature of their industry. But ageing technology and banks’ attractiveness to hackers means they are often targets.


France’s ANSSI cyber security agency urged caution on Wednesday about speculation on the identity and number of victims of the attack in France.

Reverberations from the attack continued on Wednesday with shipping giant A.P. Moller-Maersk MAERSKb.CO, which handles one in seven containers shipped worldwide, telling Reuters it is unable to process new orders after being hit by the cyber attack.

Among other French companies, retailer Auchan [AUCH.UL] said Tuesday’s cyber attack had hit terminal payments in its stores in Ukraine but the incident was now over. [nP6N1JF044]

French construction and building materials group St Gobain SGOB.PA said its systems were gradually returning to normal after the company fell victim to the cyber attack on Tuesday. [nP6N1JF045]

The ransomware virus includes code known as “Eternal Blue”, which cyber security experts widely believe was stolen from the U.S. National Security Agency. If one computer in a network is infected, the virus can spread rapidly.

The virus crippled computers running Microsoft Corp's MSFT.O Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access.

($1 = 0.8804 euros)

Editing by John O’Donnell and Adrian Croft