Threat actors demanded a $10 million ransom from a French hospital after hitting it with a ransomware attack last weekend.
The Hospital Center Sud Francilien (CHSF) in Corbeil-Essonnes, south-east of Paris, was struck late on Saturday night and caused major disruptions to health services.
The next morning, CHSF announced that it had initiated an emergency “white plan” after the attack made it impossible for the hospital to access its business software, storage systems (like medical imaging), and information systems related to patient admissions.
With the absence of any working computer systems, medical staff are instead having to use pen and paper.
Patients needing treatment were referred to other nearby hospitals when appropriate, while major surgical procedures were also postponed.
“This attack on the computer network of the establishment makes inaccessible for the time being all the hospital’s business software, the storage systems (in particular medical imaging), and the information system relating to patient admissions,” the hospital said in a release.
“The National Information Systems Security Agency (ANSSI) was quickly contacted by the crisis unit. Experts have been mandated by this authority to intervene quickly”
The National Cybersecurity Agency of France (ANSSI) was quickly informed of the incident and is currently assisting in the investigation.
While not yet confirmed by the hospital, security experts believed that CHSF was hit by a strain of the Ragnar Locker ransomware. This ransomware strain also targeted DESFA, one of Greece’s major natural gas operators, in recent days.
Attacks by the Ragnar Locker ransomware group have become well-known for their techniques of demanding payment from their victims for a decryption key to recover their files and threatening to release stolen data to the public (or sell it to other cybercriminals).
At this time, it’s unknown if the hospital is prepared to begin negotiations with its attackers or not, or if it’s at all ruled out the possibility of paying the ransom.
The hospital said that the attack has currently not impacted the operation and security of the hospital building itself, and that all of its networks still remain operational.
CHSF also thanked its staff and hospital workers for their rapid response to the incident in an update posted on Monday to its official Twitter account, while emphasizing that the safety of its patients remained a top priority.