The Center Hospitalier Sud Francilien, a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.
“This attack on the computer network makes the hospital’s business software, the storage systems, and the information system relating to patient admissions inaccessible for the time being,” explains CHSF’s announcement.
According to Le Monde, which has info from the country’s law enforcement agencies, the ransomware actors that hit CHSF demanded the payment of a ransom of $10,000,000 in exchange for a decryption key.
French cybersecurity journalist Valéry Riess-Marchive identified signs of a LockBit 3.0 infection, mentioning that the handling by the national gendarmerie is a clue pointing to that direction, as that service deals with Rangar Locker and LockBit attacks.
As Riess-Marchive explains at LegMagIT, Ragnar Locker is unlikely to be behind the attack due to a different focus on the economic size of its victims, whereas LockBit 3.0 demonstrates a broader targeting scope.
If LockBit 3.0 is responsible for the attack on CHSF, it will violate the RaaS program’s rules, which prohibit affiliates from encrypting systems of healthcare providers.