Malicious hackers are demanding $10 million from a French hospital they hit with ransomware last weekend.
The Hospital Center Sud Francilien (CHSF) in Corbeil-Essonnes, south-east of Paris, was struck late on Saturday night, causing major disruption to health services.
The following morning, CHSF announced that it had initiated an emergency “white plan” after the attack made it impossible for the hospital to access its business software, storage systems (including medical imaging), and information systems related to patient admissions.
In the absence of working computer systems, medical staff are resorting to the use of pen and paper with the inevitable disruption that can cause.
Patients requiring treatment are being referred to other hospitals in the area when appropriate, and major surgical procedures have been postponed.
The National Cybersecurity Agency of France (ANSSI) has been informed of the incident, and is assisting in the investigation.
Although not yet confirmed officially by the hospital, security experts believe that CHSF has been hit by a strain of the Ragnar Locker ransomware – which has also claimed the scalp of DESFA, one of Greece’s major natural gas operators, in recent days.
Attacks by the Ragnar Locker ransomware group have become notorious for their technique of not just demanding payment from their victims for a decryption key to recover their files, but also by threatening to release stolen data to the public, or sell it to other cybercriminals.
That certainly would be bad news if true in the case of this latest in a long line of ransomware attacks against French hospitals.
For now, it’s not known whether the hospital is prepared to enter negotiations with its attackers or not, and it is unclear whether it has definitively ruled out the possibility of paying the ransom.
Currently all the hospital has said is that the attack has not impacted the operation and security of the hospital building itself, and all of its networks remain operational.
With luck, sensitive medical information about the hospital’s patients has not fallen into the hands of cybercriminals.