France

August 29, 2022: $10 Million Ransom Demand Disables French Hospital – Patients Send Elsewhere.

The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries. CHSF serves an area of 600,000 inhabitants, so any disruption in its operations can endanger the health, and even lives, of people in a medical emergency. "This attack on the computer network makes the hospital's business software, the storage systems (in particular medical imaging), and the information system relating to patient admissions inaccessible for the time being," explains CHSF's announcement (translated).

French cybersecurity journalist Valéry Riess-Marchive identified signs of a LockBit 3.0 infection. If LockBit 3.0 is responsible for the attack on CHSF, it will violate the RaaS program's rules, which prohibit affiliates from encrypting systems of healthcare providers.

February 15, 2021: Crypto-virus RYUK Attacks French Hospitals in Lyon Area

Hôpital Nord-Ouest, the hospital group for the North of Lyon, reported two hospitals were stricken with ransomware attacks, and a third pre-emptively cut connections with an IT provider, in less than a week. Surgeries were postponed and emergency patients re-routed to other facilities as each hospital site’s team set up limited procedures to ensure the exchange of information necessary for patient care, as well as a crisis unit to organise the operation of all three sites. The attack by the crypto-virus RYUK, a kind of ransomware, "strongly impacts" the Villefranche, Tarare and Trévoux sites of the North-West Hospital, the hospital said in a statement.

Following the attack, French President Emmanuel Macron said his office plans to inject one billion euros (US$1.21 billion) into the country’s cyberdefense.

March 25, 2021: REvil Ransomware Shut Down Multiple Plants at Asteelflash

Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang who is demanding a $24 million ransom. While Asteelflash has not publicly disclosed an attack, BleepingComputer found this week a sample of the REvil ransomware that allowed access to the Tor negotiation page for their cyberattack. LeMagIT, a French cybersecurity news portal, reported an Asteelflash representative stated that "the incident is being evaluated." Neither BleepingComputer nor LeMagIT could confirm whether the attack was successful in encrypting files on affected systems.

The company's press release states: "Asteelflash has detected a cyber security incident during a routine check by its IT teams. We immediately took action to contain the REvil-type ransomware and limit its spread. We have not been in touch with the Hackers" There are no details about the company's intentions regarding the ransom.

December 19, 2021: Global IT Firm Recovering From Ransomware Attack

Global IT services company, Inetum Group, suffered a ransomware attack December 19, impacting operations in France.
While the global company suffered the hit in France, its operations were ongoing in other parts of the world. Among the multiple sectors the company works with are energy and utilities, aerospace, automotive, and chemicals and life sciences. The company said none of the main infrastructures, communication, collaboration tools or delivery operations for its clients ended up affected.

September 20, 2021: French Container Operator Hit By Attack

French container operator, CMA CGM S.A. suffered a cyberattack with unknown hackers leaking part of its customer information, officials said Monday.
The world’s third biggest boxship operator said the “limited customer information” leak includes names, positions, emails and phone numbers.

May 13, 2021: Toshiba Hit In DarkSide Ransomware Attack

Toshiba Tec Corp. fell victim late last week to a ransomware attack by the same organization that hit Colonial Pipeline, only this assault had an impact in Europe.
Japan-based Toshiba Tec Corp operates through two business segments, the retail solutions segment and the Printing Solutions segment where manufacture products including barcode scanners, Point-of-Sale (PoS) systems, printers, and other electrical equipment. The target in the attack appears to be the company’s French subsidiary.

January 1, 2009: Computer Failure Causes Jet Crash

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

January 1, 2003: Nachi Worm on Advanced Process Control Servers

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

December 1, 2020: Security Provider, Stormshield, Hit In Cyber Attack

Security provider Stormshield revealed a security incident that resulted in unauthorized access to a technical portal and a “leakage” of some parts of the SNS (Stormshield Network Security) source code.

February 18, 2021: French Boat Maker, Beneteau, Hit By Cyberattack

French boat manufacturer Beneteau SA suffered a cyberattack which is now resulting in the company slowing down or stopping some of its production. The company first noticed the attack, which it is calling a malware intrusion, during the night of Feb. 18 to Feb. 19. The company quickly disconnected its information systems to prevent a further spread.

May '21 update on consequences of cyber attack:
3-4 weeks production shutdown at several plants; OT systems such as numerical control machines impaired; "Almost all of the year's growth evaporated in this ordeal"

Pin It on Pinterest

Scroll to Top