The Hôpital de Cannes - Simone Veil (CHC-SV) in France revealed that it has received a ransom demand from the Lockbit 3.0 ransomware gang and refused to pay the ransom.
On April 17, the 840-bed hospital announced a serious operational disruption caused by a cyberattack, forcing it to shut down all computers and reschedule non-emergency procedures and appointments.
Earlier this week, the establishment revealed on X that it had received a ransom demand from the Lockbit 3.0 ransomware operation, which it referred to the Gendarmerie and the National Agency for Information Systems Security (ANSSI).
At the same time, the LockBit ransomware organisation added CHC-SV to their darkweb extortion site, warning to release the first sample pack of files stolen during the attack before the end of the day.
The healthcare organisation tweeted that they will not pay the ransom and will notify affected individuals if the threat actors begin leaking data.
“In the event of a data release potentially belonging to the hospital, we will communicate to our patients and stakeholders, after a detailed review of the files that may have been exfiltrated, about the nature of the stolen information.”
Meanwhile, the hospital's IT workers are currently working to restore compromised systems to normal operational status, as internal inquiries into the incident continue.
Ruthless stance
The FBI's disruption of the LockBit ransomware-as-a-service operation through 'Operation Cronos' and the simultaneous release of a decryptor in mid-February 2024 have had a negative impact on the threat group.
Affiliates have lost faith in the project, and others have chosen to remain anonymous for fear of being identified and prosecuted.
Despite the inconvenience, the ransomware operation relaunched a week later, with fresh data leak sites and updated encryptors and ransom demands.
LockBit's attitude regarding assaults on healthcare providers has always been ambiguous at best, with the group's leaders failing to enforce the declared restrictions on affiliates carrying out attacks that compromised patient care.
The attack on CHC-SV confirms the threat group's utter disdain for the sensitive topic of preventing disruptions to healthcare services.