Following the cyberattack on the Simone-Veil hospital in Cannes (Provence-Alpes-Côte d'Azur), which occurred on April 16, the LockBit hacker group published 61 gigabytes of confidential data. On Monday, the Russian-speaking gang claimed responsibility for the cyberattack. He then issued a ransom demand, with the threat of publishing the data in the event of non-payment of this ransom.
The ultimatum was set for Wednesday evening, and the amount demanded had not been communicated. “Public health establishments never pay ransom in the face of this type of attack”indicated Tuesday evening, the management of the Cannes hospital.
Advertisement
Health checks, identity cards, pay slips…
Two minutes after the ultimatum ended, the data was published on the LockBit site on the dark web. According to the first screenshots made public, the published data includes sensitive personal data on patients, health and psychological assessments, and confidential information on the operation of the hospital.
Data from the establishment's staff were also released, including pay slips and identity cards. The hospital center confirmed this morning in a press release that “the data published on the evening of 1er but belong to him”.
The cyberattack affecting the Cannes hospital forced it to cancel all surgical operations considered “non-urgent” and not resulting in “loss of opportunity”, and to postpone all consultations until things returned to normal. The establishment had decided to disconnect its entire IT equipment, i.e. 350 servers and 1,500 workstations. At the start of the week, work to put the computer system back into operation was still in progress, with the hospital specifying this morning that “activity has resumed its almost ordinary course”.
Advertisement
Beware of targeted phishing campaigns
The hospital center explains that it filed a complaint and alerted the CNIL and the National Information Systems Security Agency (Anssi). She specifies that a “circumstantial return” will be carried out in the coming days, with “cybersecurity tips to keep”.
The exfiltrated files could, in the days or weeks to come, be sorted and simplified, before being offered for sale on the dark web. These batches of information can enable other cybercriminals to conduct spear phishing campaigns, which link the subject line of a malicious email or text message sent to a person's activity. or to an establishment with which he is familiar.
A group of cybercriminals dismantled in February
LockBit is described by Europol as the cybercriminal group “the most prolific and dangerous in the world”. In mid-February, law enforcement agencies from eleven countries, including France, took down its main site and 34 of its servers, as part of Operation “Cronos”. A short-lived respite, since a few days later, the group of cybercriminals had restored its servers and launched a new showcase site, exposing twelve new victims.
Specializing in ransomware, the gang would have received, in the space of five years, the equivalent of 84 million euros. It is believed to be responsible for more than 2,000 cyberattacks worldwide, and 27% of ransom demands in France. In 2022, it also targeted the Corbeil-Essonnes hospital (Île-de-France), before publishing patient health data.
Selected for you