• CHSF, a medium-to-large hospital in Paris, France, was attacked by ransomware last Sunday. The hospital’s business software, storage system, and patient information system were all inaccessible, and the emergency department and surgery were forced to close;
  • Le Monde said the ransomware team demanded a ransom worth $10 million from the hospital;
  • It is reported that the French cybercrime law enforcement agency is tracking the incident, including the Ragnar Locker and LockBit ransomware gangs.

The 1,000-bed Center Hospitalier Sud Francilien (CHSF) hospital, 28 kilometers from central Paris, suffered a cyber attack on Sunday (August 21), forcing it to refer patients to other institutions and delay surgery appointments. Currently the hospital is making measure on data disaster recovery.

CHSF provides medical services to 600,000 local residents, so any disruption to operations could pose a threat to the health or even the lives of patients at a critical juncture.

Translated by Google, the announcement issued by CHSF stated, “This computer network attack has temporarily inaccessible our hospital’s business software, storage systems (especially medical images) and information systems related to patient admissions.”

The hospital’s management has yet to issue further updates on the situation, and the current operational shortage caused by the IT system outage is not over.

Doctors at CHSF are already evaluating patients in need of urgent care, and if medical imaging is urgently needed, patients will be moved to another medical center.

French media Le Monde said the ransomware gang that attacked CHSF demanded victims pay $10 million in exchange for decryption keys.

A police source told Le Monde that “currently, the cybercrime unit of the Paris Prosecutor’s Office has launched an investigation into this organized hacker gang that hacked into computer systems and attempted to extort blackmail.” The investigation is being carried out by the gendarmerie of the Centre for Combating Digital Crime (C3N).”

Behind the scenes or LockBit 3.0

French cybersecurity journalist Valéry Riess-Marchive found signs of LockBit 3.0 infection during the incident and mentioned that the national gendarmerie involved in the investigation was also in charge of tracking down Ragnar Locker and LockBit.

Riess-Marchive said that, given Ragnar Locker’s history of only targeting large-scale critical infrastructure targets, this incident should not have been his fault. By contrast, LockBit 3.0 has a much broader target.

If LockBit 3.0 was indeed behind the CHSF attack, they violated the RaaS “rule of thumb” that encrypted attacks on healthcare providers’ systems should not be carried out by affiliated organizations.

At present, it is still unclear who is responsible for this incident, and the information of CHSF has not been posted on the extortion website of LockBit 3.0, so all the previous analysis is still only hypothetical.

Ransomware attacks are currently getting worse. Each and every area of the economy is at risk from ransomware. However, tiny enterprises go above and above to safeguard data. In such a circumstance, it is crucial to execute data backup and disaster recovery efficiently. These days, RHV backup, VMware backup, Hyper-V backup, and other backup methods are increasingly widely used.