article featured image


Center Hospitalier Sud Francilien (CHSF), was the victim of a ransomware attack that forced the medical center to transfer patients to other facilities and put off surgeries that were already scheduled.

The hospital can accommodate 1000 patients at its full capacity and is situated only 28km from Paris city center.

The malicious actors requested a ransom of $10,000,000 in exchange for a decryption key, according to Le Monde, which is citing the french gendarmes. But until now the targeted network still has not been restored, and the hospital’s officials did not offer any further news about the ransomware hit.

How This Attack Affects Patients

The health of 600,000 citizens, who rely on medical services provided by CHSF, is now jeopardized by this ransomware attack, and even their lives could be in danger in case of a medical emergency.

“This attack on the computer network makes the hospital’s business software, the storage systems (in particular medical imaging), and the information system relating to patient admissions inaccessible for the time being,” explains CHSF’s announcement (translated), according to Bleeping Computer.

The state of patients that find themselves in need of medical attention will be assessed by CHSF’s doctors, and then they will be guided to another hospital for medical imaging in order to be treated.

“An investigation for intrusion into the computer system and for attempted extortion in an organized gang has been opened to the cybercrime section of the Paris prosecutor’s office,” a police source told Le Monde, also specifying that “the investigations were entrusted to the gendarmes of the Center fight against digital crime (C3N)”.


Who is Behind this Ransomware Hit

Until now the ransomware attack has not been attributed to a specific threat gang, but Valéry Riess-Marchive, a French cybersecurity journalist, says that are indications of a LockBit 3.0 infection. One of her arguments is the fact that the national gendarmerie is handling this case, as that service deals with Rangar Locker and LockBit attacks.

A Ragnar Locker infection was excluded because of the economic dimension of the victim, this family of ransomware preferring larger organizations. Meanwhile, LockBit 3.0 exemplifies a wider range of targeting.

All of this is just a hypothesis as the involvement of LockBit 3.0 would contravene the rules of the RaaS program, which prevents members from encrypting networks of medical providers.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.


Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo