Ransomware hits French hospital: 6000 computers end up on lockdown

Clop ransomware attack on a hospital in the north of France reminds about WannaCry in 2017

Communication in The University Hospital Centre of Rouen in northern France got crippled after the ransomware attack back on November 15th.^[1] IT staff discovered the malware attack late in the evening, and found out that all five sites the complex covers got impacted, so to prevent the serious damage, systems got shut down, and all the operations went back to pen and paper.

This decision caused many delays in services and even created a potential danger to the health of hospitalized patients, as the original report from the hospital's officials and local media articles have stated.^[2] The hospital with 10 000 staff members and 2 500 beds, is the largest healthcare building in Europe that has been affected by ransomware after the infamous WannaCry ransomware incidents.^[3]

In 2017 WannaCry affected the National Health Service in the UK, and investigations showed that 19 000 operations and appointments got canceled. The attack cost at least $92 million due to the lost access to systems and emergency IT support.^[4] Targets in the health industry remain potential victims of ransomware, and many hospitals all over the world suffer such hits.

At first, it was not determined which strain of the ransomware attacked all those 6000 computers, but almost a week after the initial hit, CryptoMix Clop ransomware^[5] was reported to be a particular strain that crippled French hospitals.^[6] Rouen University hospital officials state that many files got locked and the external storage was also corrupted, so all the operations got stopped once those files got encrypted:

The whole network is blocked, unlocking only one computer is impossible.

The hospital forced to stay in the degraded mode for three days

To keep virus damage to a minimum and protect various information about patients and staff, workers had to operate in a degraded mode. According to local media, on Monday the 18th, the hospital's IT was still operating in this mode. It takes much more than a week to restore systems to the proper functionality, and priority is protecting the ones in care.^[7]

The French National Agency for Information Systems Security got involved in helping the hospital with getting everything under control. By the same Monday afternoon, at least a quarter of the affected applications got recovered to a normal state and running. 

At first, there was no information about the ransom demand. It was believed to not be sent to anyone in relation to the hospital, but after recent reports, a few emails received the common Clop ransomware ransom note. Some rumors have surfaced stating that 1,500 euro got demanded to unlock those 6000 computers impacted, but got quickly squashed by officials. It was eventually revealed that 40 Bitcoins got demanded from the hospital.

Cryptovirus – still a huge threat to healthcare institutions in 2019

Such incidents remind previous instances when ransomware crippled huge institutions, companies, governments, and cities. However, the biggest impact such malware got was on healthcare. Necessary lines of communication need to remain closed for a while, so many caregivers and hospital services suffer issues. In this case, no patient data was affected, but attacks like this can result in serious breaches.

WannaCry was the one that targeted healthcare specifically, so anything that resembles that time in 2017 reminds about the genuine danger. Despite new technologies, lack of cybersecurity knowledge can be a profitable area for criminals and busy hospital workers the perfect targets.

The evolution in digital information and technologies, hyper-connected systems, drives ransomware creators to attack health industries even more. The malware can spread across the networks and do that widely, so our lives can be put at risk when such malware hits hospitals, where data security is especially important.

While this has brought with it many benefits, organizations have become reliant on these digital technologies; loss of data can be a critical issue, making ransoming that data a much more profitable business.