In recent days, a failure of online ticketing has affected a significant part of access to French cultural institutions. The Italian platform Vivaticket, which provides ticketing for nearly 3,500 museums, monuments and parks in Europe, has been hit by a ransomware attack. Servers are encrypted, reservation interfaces stop working, and users encounter messages inviting them to buy their tickets on site. At the same time, millions of personal data have been stolen.
The attack is claimed by the cybercriminal group RansomHouse. The collective would be based in Russia, with relays in Iran. Initially focused on data theft without encryption, it now uses forms of double extortion, combining theft and blocking of systems. Samples of stolen data are posted on a leak site to force the victim to pay a ransom.
To date, the Museum of Hunting and Nature mentions a “technical incident” announced as resolved by the operator, but the ticket office remains unavailable. The Guimet Museum, the Rodin Museum and the MEP confirm the interruption of their online service and recommend a purchase on site, anticipating the crowds. The National Library of France mentions a “temporary unavailability” linked to a “technical incident” with its service provider. It limits purchases to the on-site ticket office. The Center for National Monuments maintains a general alert, despite a partial restoration of certain ticket offices, notably that of the Arc de Triomphe.
In Lyon, the ticket office of municipal museums (Fine Arts, Museum of Contemporary Art, Gadagne, Center for the History of Resistance and Deportation) is inaccessible; the Museum of Contemporary Art website displays a banner redirecting to the ticket offices. At this time, the Louvre-Lens still displays an unavailability message on its reservation pages and refers visitors to the counters or telephone sales. But as the attack is still being processed, status messages can evolve quickly.
