Man stands next to computer with ransomware on screen

Ransomware attack demands $10 Million from French hospital

A ransomware attack that was directed against a hospital southeast of Paris has disrupted its operations. The hospital’s director said the facility will not pay the $10 million ransom demand made by the hackers to unlock the system.

The health and the lives of persons in need of medical attention might be put in danger if CHSF’s activities are interrupted because it covers a region with 600,000 residents.

According to the Centre Hospitalier Sud-Francilien (CHSF), commencing early on August 21st:

The hospital’s business software, storage systems (including medical imaging), and information system relating to patient admissions were all made unavailable by the ransomware attack.

The hospital’s management hasn’t given any more information on the matter, and the IT system failure that caused constrained operations is still affecting the facility. CHSF was forced to move patients and visitors to the emergency room who largely depended on healthcare systems to other facilities.

Nurses were forced to use pen and paper to keep track of the remaining patients. The organisation claimed that telephone and other communications were unaffected by the attack and that the building’s security was uncompromised.

The ransomware attackers that targeted CHSF reportedly demanded a $10,000,000 ransom in return for a decryption key, according to Le Monde, which possesses information from the nation’s law enforcement authorities.

A police source informed Le Monde, adding that:

The cybercrime division of the Paris prosecutor’s office has begun an inquiry into attempted extortion in a structured gang and breach into the computer system. The gendarmes of the Center to fight digital crime were given the task of conducting the investigations (C3N).

The hospital requests that people call the emergency services helpline at 15 rather than coming to the emergency room on their own.

Source of the Ransomware Attack

A LockBit 3.0 malware was detected by French cybersecurity journalist Valéry Riess-Marchive. He said that since the national gendarmerie responds to attacks like Rangar Locker and LockBit, their management of the situation is evidence leading in that way.

In contrast to LockBit 3.0, which has a wider targeting scope, Ragnar Locker places a different attention on the economic size of its victims, making it less likely that it was responsible for the attack, as Riess-Marchive argues at LegMagIT.

Since associates are not allowed to encrypt the systems of healthcare providers under the RaaS programme, LockBit 3.0 is to blame for the attack on CHSF. The involvement of CHSF is still unclear because the threat group’s authenticity hasn’t been verified yet and because CHSF isn’t included on LockBit 3.0’s ransom site yet.

Following a breach in which private patient information was stolen, GHT Coeur Grand Hospitals and Health Care organisation was cut off from all internet access in April. The organisation added that even while very few healthcare organisations can successfully recover all their data following a ransomware attack, they are more prepared than other businesses to pay the demanded ransom.

Help your colleagues spot these phishing emails by starting your Phishing Tackle security awareness training today with our two-week free trial.

Recent posts