French multinational Bouygues Construction has acknowledged that it suffered a ransomware attack end of January, forcing the company to shut down its systems worldwide.
The construction giant provided scant detail in a statement published on its website, but the Maze ransomware gang has claimed responsibility for the attack.
Maze is known for not just encrypting and holding computers to ransom, but also for stealing victims' data and posting it on the web to force payment.
iTnews was able to view a list of 237 computers with Windows domain names on the Maze website.
One of the computers is said to belong to Bouygues Construction's Australian subsidiary.
Maze has also posted a 1.2 gigabyte file that allegedly contains data taken from Bouygues Construction on its site.
Emails sent to Bouygues Construction currently return error messages asking people to contact the company through other means, owing to "an IT failure", and phone calls are not answered.
Bouygues Construction said "all our personnel are working flat out to ensure that our operations continue as smoothly as possible under these conditions, so that impact on our customers and partners is minimised."
Maze struck Canadian construction firm Bird just days before attacking Bouygues Construction.
The ransomware criminals have also attacked law and accountancy firms, as well as local authorities and health care clinics, in all cases taking data along with encrypting computer systems, Emsisoft threat analyst Brett Callow said.
If victims do not pay the ransom despite sensitive data being published on the web, Maze has been known to post the information in Russian hacker forums, suggesting it can be used "in any nefarious way you want," Callow said.
The story will be updated once iTnews is able to contact Bouygues Construction for comment.