Tag Archive for: paris

Hackers demand $10 million from Paris hospital after ransomware attack


Malicious hackers are demanding $10 million from a French hospital they hit with ransomware last weekend.

The Hospital Center Sud Francilien (CHSF) in Corbeil-Essonnes, south-east of Paris, was struck late on Saturday night, causing major disruption to health services.

The following morning, CHSF announced that it had initiated an emergency “white plan” after the attack made it impossible for the hospital to access its business software, storage systems (including medical imaging), and information systems related to patient admissions.

In the absence of working computer systems, medical staff are resorting to the use of pen and paper with the inevitable disruption that can cause.

Patients requiring treatment are being referred to other hospitals in the area when appropriate, and major surgical procedures have been postponed.

The National Cybersecurity Agency of France (ANSSI) has been informed of the incident, and is assisting in the investigation.

Although not yet confirmed officially by the hospital, security experts believe that CHSF has been hit by a strain of the Ragnar Locker ransomware – which has also claimed the scalp of DESFA, one of Greece’s major natural gas operators, in recent days.

Attacks by the Ragnar Locker ransomware group have become notorious for their technique of not just demanding payment from their victims for a decryption key to recover their files, but also by threatening to release stolen data to the public, or sell it to other cybercriminals.

That certainly would be bad news if true in the case of this latest in a long line of ransomware attacks against French hospitals.

For now, it’s not known whether the hospital is prepared to enter negotiations with its attackers or not, and it is unclear whether it has definitively ruled out the possibility of paying the ransom.

Currently all the hospital has said is that the attack has not impacted the operation and security of the hospital building itself, and all of its networks remain operational.

With luck, sensitive medical information about the hospital’s patients has not fallen into the hands of cybercriminals.

In an update posted on its official Twitter account CHSF thanked its staff and hospital workers for their…

Source…

Hackers demand $10m to end cyber attack on Paris regional hospital


Issued on:

A hospital southeast of Paris has been the victim of an ongoing cyber attack since the weekend, with disruption to emergency services and surgeries as hackers demand a ransom of $10 million to call off the digital assault.

The CHSF Hospital Centre in Corbeil-Essonnes, southeast of the French capital, has been the victim of a computer attack that began late Saturday night.

Hackers have reportedly issued a demand of $10 million dollars – in English – for the ransomware attack to be stopped.

Paris prosecutor’s office has opened an investigation into the hacking of the hospital’s computer system and the attempted extortion by an organised gang.

According to the prosecutor’s office, the investigation is being spearheaded by the gendarme’s Centre for Combating Digital Crime (C3N) division. 

This latest cyber attack is once again aimed at a hospital – a sector that has been the target of ransomware attacks for several months. 

Hospitals under fire from cyberattacks since March

Last April, the computer systems of nine hospitals in France’s Grand Est region were compromised by hackers and in March, a hospital in Ajaccio was also the victim of a ransomware cyberattack. 

In 2021, hospitals in the Landes, Haute-Garonne and Pyrénées-Atlantiques departments were also victims of cyber attacks, disrupting or shutting down their IT services.

The CHSF hospital in Essonne – which has a one-thousand bed capacity to provide medical care for a population of nearly 600,000 inhabitants in the greater Paris area – triggered a so-called “white plan” emergency operation on Sunday to ensure health services could be maintained.

The hosptial says the attack has rendered inaccessible “all the hospital’s business software, storage systems – particularly medical imaging – and the information system relating to patient admissions.”

The National Authority for the Security and Defence of Information Systems (Anssi) were “quickly alerted … and a type of ransomware has been identified”.

People who require…

Source…

Watering-hole in Hong Kong. US, EU join Paris Call. NSO C-suite turnover. ICS advisories. Rising tensions in Eastern Europe.


Attacks, Threats, and Vulnerabilities

COVID-19: North Korean hackers detected searching for vaccine manufacturing secrets (Sky News) The cyber campaign comes despite the regime in Pyongyang claiming that there are no COVID-19 cases in the country and declining three million vaccine doses from UNICEF.

North Korean hackers target the South’s think tanks through blog posts (ZDNet) Responsibility for new attacks has been laid at the feet of the Kimsuky threat group.

Lazarus hackers target researchers with trojanized IDA Pro (BleepingComputer) A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application.

South Korean Users Targeted with Android Spyware ‘PhoneSpy’ (SecurityWeek) Researchers find Android malware with extensive spyware capabilities, including data theft, GPS monitoring, and audio and video recording.

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens (Zimperium Mobile Security Blog) Zimperium has discovered the active malware campaign PhoneSpy, a spyware aimed at South Korean residents with Android devices.

macOS zero-day deployed via Hong Kong pro-democracy news sites (The Record by Recorded Future) A suspected state-sponsored threat actor has used Hong Kong pro-democracy news sites to deploy a macOS zero-day exploit chain that installed a backdoor on visitors’ computers.

Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users (Vice) “The nature of the activity and targeting is consistent with a government backed actor,” the Google researchers say.

This new Android spyware masquerades as legitimate apps (TechCrunch) The spyware has already ensnared over a thousand victims.

FBI: Iranian threat actor trying to acquire leaked data on US organizations (The Record by Recorded Future) The US Federal Bureau of Investigation says that a threat actor known to be associated with Iran is currently seeking to acquire data from organizations across the globe, including US targets.

PA alleges: NSO Group spyware used to hack foreign ministry workers’ phones (Times of Israel) Palestinian Authority asserts it has proof of…

Source…

This mobile security app could have aided responders in Paris – Geektime


Geektime

This mobile security app could have aided responders in Paris
Geektime
In the aftermath of the attacks that rocked the city of Paris on Friday night, claiming the lives of nearly 130 people and grievously wounding hundreds more, many people are already asking how the chaotic situation could have been handled differently.

“mobile security” – read more