
#CyberWeekly

Apr 6 - Apr 12, 2026

RansomHouse hits the Louvre, Eiffel Tower, and 3,500 European cultural sites via one ticketing vendor

Source: SC Media

A ransomware attack on Vivaticket's French subsidiary Irec SAS disrupted online reservations at nearly 3,500 museums, monuments, and cultural sites across Europe — including the Louvre, Musée d'Orsay, Eiffel Tower, Arc de Triomphe, and Notre-Dame de Paris. RansomHouse claimed responsibility and published stolen data.

  • What was stolen: visitor full names, purchase history, reservation details, email addresses, login timestamps, and account metadata. Vivaticket confirmed no credit card or banking data was accessed
  • How one vendor hit 3,500 institutions: Vivaticket operates a shared ticketing platform across European cultural institutions. Breaching the vendor's subsidiary was enough to expose data from every client. Classic supply chain leverage
  • Still disrupted: online booking services remained unavailable at some affected sites while Vivaticket, the French national cybersecurity agency ANSSI, and law enforcement assessed the damage
  • The MSP lesson: if your clients use shared SaaS platforms — booking, HR, accounting, CRM — a breach at that vendor exposes your clients' data too. Vendor security is your responsibility under NIS2

This is exactly what NIS2 supply chain security obligations are designed to address. Every critical supplier should be in your risk register with a ransomware scenario — the Louvre did not choose to be a ransomware victim, but its ticketing vendor made that choice for it.

SC Media: full report →

Platform Spotlight: AI writes your security policies — section by section

Your policy, drafted in seconds — refined until it is yours

This week we shipped the biggest AI upgrade to date: the Policy Wizard now generates your security policies section by section using Cloudflare AI, and TARS can surgically revise any passage with a single message. No more staring at a blank page.

  • Graph-first generation: start with a configure step — set the policy title and scope criteria. The wizard maps your organisation's entity types and builds each section in sequence with real placeholder fields for names, dates, and specific values
  • Universal entry point: any new policy or procedure page now shows the AI generator. Whether you are starting from scratch or from a skeleton template, the AI meets you where you are
  • TARS document assistant — now smarter: TARS runs on Gemma 4 with auto thinking mode and can now surgically edit any wiki section. Describe what you want changed; TARS patches only that passage and leaves the rest untouched
  • Context-aware help: TARS reads the current page and understands which control, policy, or assessment you are working on — so its suggestions are specific, not generic

If you work with MSP clients, the new MSP CyFun explainer guide is now live — it walks through the entire journey from onboarding to audit-ready in language you can share directly with clients. And all 34 CyFun Basic controls now have AI-assisted policy templates ready to generate.

Try the AI Policy Generator →

Dragonforce ransomware hits Fountain — a Belgian stock-listed company that serves your office coffee

Fountain, a Belgian publicly-listed company specialising in workplace coffee services, confirmed a ransomware attack involving unauthorised access and data exfiltration. The company filed a criminal complaint on March 31; Dragonforce claimed the attack on April 1.

  • The attacker: Dragonforce is a Malaysia-based ransomware-as-a-service cartel that emerged in late 2023. It operates as a white-label distributor — any affiliate can use its infrastructure and branding. Over 363 victim organisations listed to date, with growing European reach
  • What Fountain said: unauthorised access to part of its IT environment, data extracted, investigation ongoing. The company does not expect significant financial impact at this stage and has filed a criminal complaint with Belgian authorities
  • Why it matters for SMEs: Fountain is not a hospital, a bank, or a government agency — it makes coffee machines. If Dragonforce targets workplace services companies, no sector is off their list. The risk model for your clients cannot assume "we are too small" or "we are too boring to hit"

The real cost of a breach goes far beyond the ransom — investigation, notification, reputational damage, and regulatory risk all compound. The NIS2 guide for SMEs explains what Belgian companies are now required to have in place to limit that exposure.

Hendry Adrian: Fountain ransomware details →



Tom Janssens

Editor, #CyberWeekly
