Ransomware attack on a major Parisian hospital

fwadminAugust 23, 2022

461

It is a massive computer attack that has affected the Southern Ile-de-France Hospital Center (CHSF) in Corbeil-Essonnes this Sunday. All the French newspapers are talking about it because of its impact. According to the communiqués from the hospital and the French authorities, the activity is seriously disrupted.

It is from police sources that the ransom demand was revealed: 10 million dollars and formulated in English by the hackers.

Downgraded mode and activation of the white plan

In order to cope with the attack, the hospital activated its “white plan” on Sunday. The white plan is a business continuity plan that, once triggered, allows the hospital to continue to provide health care and public service without having to use business software or storage and information systems. The National Authority for the Security and Defense of Information Systems (Anssi), the French cybersecurity agency, was quickly contacted by the hospital’s crisis unit.

The establishment is doing everything possible to ensure its mission and maintain ambulatory care. The emergency room continues to treat arrivals by redirecting them to the on-call medical centers in the region. If patients require technical care, they are redirected to other hospitals in the region because the imaging systems are down and the operating room is severely disrupted.

The telephone communication systems remain fully operational.

Ransom and origin of the ransomware in question:

The hackers are demanding a ransom of 10 million dollars to unlock the information system and are threatening to disclose the patients’ personal data. The National Gendarmerie’s Center for Combating Digital Crime (C3N) is in charge of the investigation and this gives us a clue as to the nature of the ransomware.

Indeed, in France, the police and the gendarmerie divide the competences in the field of ransomware. The police deal more with cases involving Vice Society or Hive while the gendarmerie deals with cases involving Lockbit or RagnarLocker.

However, RagnarLocker usually attacks higher level targets such as MCS, Dassault, Carlson Wagon Lit, LDLC, Capcom…

But the possibility of Lockbit’s involvement in this hack is also unlikely because the franchise’s terms of use are very clear and refuse to attack targets whose data encryption could result in fatalities. This is clearly the case in the attack on this hospital in Corbeil-Essones.

Let’s wait for further investigations to know a little more about the origin of this cyber attack… At the time of writing this article, the hospital has stated that it will not pay any ransom.