2024-05-02 14:06:57
They have retained their power to cause harm, despite the action of police around the world. The international operation Cronos last February, carried out against the Lockbit hackers, only brought a temporary halt. Two months later, hackers claimed responsibility for a cyberattack against the Simone-Veil hospital in Cannes, which had been partially paralyzed since April 16.
In a press release, the establishment admitted to having been the victim of a large-scale computer attack: “General cybercontainment was one of the first decisions of the crisis unit. This radical decision was taken very quickly in all sectors. All computer access was consequently cut off.
Experts from the National Information Systems Security Agency (Anssi) and Orange Cyberdéfense intervened to take stock of the damage and block the attack. Two weeks later, its leaders admitted to having been the subject of an extortion attempt, also called data blackmail.
61 GB of published internal data
As is often the case in ransomware attacks, the cybercriminals demanded a ransom in exchange for the stolen data and threatened to distribute it. This threat was carried out with the publication during the night of Wednesday to Thursday of 61 GB of internal data on their Darknet site.
According to the information we were able to consult, no patient records appear in these files. Rather, these are internal notes, trombinoscopes or waiting lists for a drug, supplemented with some personal data of the beneficiaries. In short, the exfiltrated data more closely resembles the contents of a hard drive than those of a hospital server.
Slowed down by the police crackdown, Russian-speaking hackers have resumed their activities at full speed. “They never really disappeared and quickly rebuilt their infrastructure while maintaining their capabilities. What didn’t kill them made them stronger,” said Pascal Le Digol, cybersecurity expert at WatchGuard Technologies.
The strategy of this group, which trades in Russian, has also changed since the operation which aimed to discredit them. Health establishments were spared and they became targets like any other. “There had only been a few slip-ups by their affiliates, the little hands behind the attacks, but they no longer mind attacking hospitals, like a wounded animal which now bites harder,” analyzes Pascal Le Digol .
❗️Press release
The Cannes Simone Veil hospital center confirms that the data published on the evening of May 1 belongs to it.
— Cannes Simone Veil CHC-SV Hospital (@hopitaldecannes) May 2, 2024
The Cannes hospital recognized this Thursday in a press release that the data published did indeed belong to it and confirmed the filing of a complaint and a report to the CNIL. But also a gradual return to normal: “The activity of the hospital has resumed its almost ordinary course. The normal functioning of its information system is being restored at a sustained pace in accordance with the action plan defined at the start of the crisis. »
#Cannes #resurrected #Lockbit #hackers #distribute #internal #data #hacked #hospital