Customer success story: AFNOR

AFNOR Group: From ransomware threat to rapid recovery in just eight days

When a sudden ransomware attack hit AFNOR Group, it called in Airbus Protect to help diagnose and resolve the incident. After just eight days, our expert team brought AFNOR’s information systems fully back online.

The client

AFNOR Group is a key player in the standards and quality assurance space, primarily in France but also with international reach. It designs solutions based on voluntary standards across all sectors and verticals, helping organisations establish and maintain trust.

afnor group logo

The challenge

In February 2021, AFNOR Group fell victim to the cyber threat every organisation fears – ransomware. Airbus Protect later learned the infection originated from a phishing email sent three days prior. As a result, some of AFNOR’s files were encrypted, and most servers became inaccessible.

" When you face this kind of crisis for the first time, you’re momentarily stunned. It was a real advantage to be able to count on a reliable partner like Airbus Protect and have expert responders on our side to help us manage the crisis. "

Jean-Marc Aubert, AFNOR Group CISO

The solution


During any ransomware attack, finding out what happened before restoring systems is crucial. This is the only way to ensure that the malware doesn’t spread further.  

AFNOR Group called in Airbus Protect’s CSIRT (computer security incident response team) to help study the traces of the attack and identify the origin of the problem. In only three days, our CSIRT experts reconstructed the entire chain of contamination. 


The next step was eradicating the problem while maintaining the digital chain of evidence. Thanks to our CSIRT’s thorough investigation, it only took eight days for AFNOR Group to get up and running again. 


Just because AFNOR was back online doesn’t mean Airbus Protect’s work was over. Overall, rebuilding and deploying AFNOR’s entire information system took a total of three months.   

During this time, our SOC experts set up ‘contingency supervision’ – a rapidly deployable SOC that allowed us to act quickly. 


A CSIRT’s role isn’t just to control chaos but to prevent it from reoccurring. To be sure hackers couldn’t reactivate the same backdoors, our experts helped AFNOR Group make significant security improvements and rebuild the company’s entire IT infrastructure.

Long-term collaboration 

After its ransomware recovery was complete, AFNOR Group decided to continue working with Airbus Protect as a SOC provider. It gradually moved to a standard Airbus Protect SOC solution, which offered expanded monitoring coverage and a new detection approach.

Airbus Protect also spearheaded a ransomware employee awareness programme, with ‘phishing’ campaigns and password hacking tests. As a result, AFNOR Group employees created stronger passwords and learned how to spot suspicious emails and attachments.

Learn more about the cybersecurity offerings mentioned in this case study 


We protect clients from both known and unknown cyber threats. Our comprehensive SOC services are delivered 24/7 from secure premises in the UK, France, Germany and Spain.


Are you facing a cyber incident? Our CSIRT will help you recover quickly and minimise damage. We also help prevent future incidents by identifying IT vulnerabilities, recommending remedial measures and advising on regulatory compliance.

Want more information about any of the issues mentioned in this case study? Get in touch with our expert team below.