“Negotiating with pirates is unthinkable”

Since Sunday, August 21, the Sud-Francilien Hospital Center in Corbeil-Essonnes has been the victim of blackmail, with its computer systems completely blocked. The hackers are demanding $10 million to release the data. The hospital refuses to pay the ransom. Analysis with Damien Bancal, founder of the Zataz site and cybercrime specialist.

RFI: Give in to blackmail or negotiate with cybercriminals: what should the managers of the Centre Hospitalier Sud-Francilien in Corbeil-Essonnes do?

Damien Bancal: In any case, negotiating with this kind of population is unthinkable. They will promise to erase the data; it's a lie. They have already copied it and stored it on servers here and there on the internet. They promise you they will erase everything and not release anything, but they have already sorted through it. This information will allow other cyberattacks to be launched, perhaps under your name. So, there are more or less honest negotiators who will lower prices.

I will give you a very concrete example: a company contacted me, asking: “We have to negotiate because we have lost everything, we have no backup, how can we negotiate?” I know they found a way to reduce this ransom to a cost they considered justifiable. But you have to stop kidding yourself when a hacker tells you: “Trust me, you give me money and I destroy everything.” That’s clearly trusting the devil, and you’re no smarter than the devil.

Experts from the National Information Systems Security Agency were dispatched to the scene to conduct the investigation and help the hospital restore its digital systems.

The hospital called on the National Information Systems Security Agency (ANSSI), the national computer security agency. They also called on a very well-known cybersecurity company, which will first make it possible to know where the hackers got in, what they were able to do, and how long they had been in the machines. With computer hackers, we have a lot of cases where they have been there for several weeks, where they have had time to work their way through different computers, different machines.

Then, once things have been secured, everything will have to be put back in place: software, and health, administrative and other processes. So that’s going to take some time. And we can still see that they had already put certain elements in place. As proof, they were attacked on Sunday, and from Monday they were able to dispatch patients, to raise the alert and to try to maintain a semblance of service.

The gendarmes of the Center for the Fight against Digital Crime are trying to identify the group behind the attack. But this difficult investigation will take time…

We have no official information today on what type of hacker group is behind this type of cyberattack. The hospital, which does not want to talk about it, wants to keep it a secret as long as possible to avoid giving too much publicity to these pirates, who would like to brag about it.

Let's not kid ourselves: there are four or five really very active groups at the moment on the network. One of them is Russian-speaking; its name is LockBit. The problem is that these groups use dozens, even hundreds, of little soldiers who go to work for the highest bidder. So they can work for one group on Monday and for another group on Tuesday. The important thing for them is business, and they say so. But they will very quickly realize that there will be no payment. And they’re going to get revenge. It doesn’t matter if it’s a hospital; they’re going to release whatever they stole.
