Ransomware, the dominant scenario in an era of unrivalled cybercriminal risk

For several years now, cyber crisis exercises have been based on a scenario that has become almost inevitable: a ransomware attack, involving single or double extortion, whose impacts range from system encryption, data exfiltration and operational shutdowns to communication pressure, business continuity and recovery.

These exercises have helped to structure organisations’ crisis response mechanisms, professionalise response strategies and bring cyber crisis management into the executive committee. They remain essential but do not address the emerging threat of attacks involving the manipulation of information. In its awareness guide, written in collaboration with the CDSE, VIGINUM states: ‘Not a week goes by without VIGINUM teams detecting an attempt at foreign interference or destabilisation targeting our [French] companies.’

The target has changed: it is no longer the system, it is perception.

Attacks involving information manipulation begin outside the organisation, on social media, in the media, via influencers or misappropriated content. The threat is informational, cognitive and reputational. The aim is no longer to encrypt data, but to undermine trust in the targeted entity.

Information manipulation is distinguished by a specific characteristic: it has a major impact without exploiting any technical or human flaws. Instead, it uses misleading narratives, content taken out of context, and coordinated campaigns that are difficult to attribute. And yet the consequences are very real: loss of trust, media pressure, economic destabilisation, and security risks.

Developing new scenarios for handling information is essential to supplement crisis playbooks.

Traditional crisis exercises, particularly in the cyber field, are based on proven mechanisms: detection, containment, remediation, and then business recovery. They assume a relatively controlled scope, identified actors, and well-defined decision-making chains.

When faced with an information threat, the crisis immediately becomes part of a wider ecosystem involving the media, social networks, economic partners, institutions, influencers and sometimes even foreign authorities. The issue is no longer simply a matter of ‘managing an incident’, but of mobilising intermediaries capable of speaking with legitimacy, activating alliances and coordinating consistent communications beyond one’s own channels.

However, these dimensions — external coordination, indirect influence, media timelines — are rarely exercised in traditional crisis scenarios. They require the drafting of specific playbooks and a new type of exercise capable of simulating uncertainty, public pressure and the complexity of an open information space, where the organisation no longer controls the pace or the terrain.

When information interference targeted participants in the 2024 Paris Olympic Games

The 2024 Olympic and Paralympic Games in Paris provided a very concrete illustration of the growing risk of economic information interference. French companies – sponsors of the Games, service providers, transport operators, security and event management companies, and associated brands – were exposed to information manipulation tactics.

Foreign actors directly or indirectly targeted the economic ecosystem of the Games, attacking in particular the International Olympic Committee (IOC), sponsors, the City of Paris, and institutions and organisations whose image was misused, such as Amnesty International and the DGSI. The methods used have been documented: boycott campaigns, polarising hashtags, fake audiovisual content sometimes generated by AI, impersonation of institutional identities, exploitation of physical actions, opaque use of influencers and amplification by networks of inauthentic accounts.

Strengthen, supplement, hybridise: the necessary evolution of cyber crisis exercises

It is not a question of choosing between cybercrime training and training dedicated to combating information manipulation (LMI), but rather of combining the two. The most mature organisations now run cyber technical exercises, purely informational scenarios and hybrid crises that mix both.

Crises linked to information manipulation share with cyber crises the characteristic of occurring suddenly and on a massive scale. This is precisely why they must be practised, tested and trained for before a crisis occurs.


Sources: Summary of the information threat targeting the Paris 2024 Olympic and Paralympic Games, September 2024, VIGINUM (SGDSN) and Guide to raising awareness of the information threat for French economic actors, December 2025, VIGINUM in partnership with the CDSE.

Article written by:

Guillaume CHÉREAU – COO Alcyconie
