LockBit publishes confidential data stolen from Cannes hospital in France
📌LockBit is the most dangerous ransomware in the world and has been responsible for a significant number of attacks in France between April 2022 and March 2023.
📌LockBit accounted for 57% of known attacks in France during this period, which is significantly higher than its nearest competitor, ALPHV.
📌The number of monthly attacks in France has been highly volatile, with LockBit being responsible for the majority of this volatility.
📌The French economy is large enough to provide a fertile hunting ground for cybercriminals, and it is possible that some of LockBit’s affiliates have decided to specialize in attacking French targets.
📌In July 2022, La Poste Mobile, a mobile carrier owned by French postal company La Poste, suffered a LockBit ransomware attack, resulting in the publication of private information of more than a million and a half people in France.
📌In August 2022, attackers demanded $10 million after a ransomware attack on the Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital near Paris, causing disruption to computer systems and resulting in patients having to be sent elsewhere and surgeries being postponed.
📌In mid-November 2022, French defense and technology group Thales confirmed a data breach affecting contracts and partnerships in Malaysia and Italy, with the perpetrators using LockBit ransomware.
📌France was the fifth most attacked country in the world between April 2022 and March 2023, with the government sector being attacked more often than in similar countries.
📌The reasons for LockBit’s dominance in France are unclear, but it may be due to the group’s ability to exploit opportunities outside of the Anglosphere and the possibility that some of its affiliates have specialized in attacking French targets.
📌LockBit operates as a Ransomware-as-a-Service (RaaS) model, with attacks being carried out by independent criminal gangs, referred to as «affiliates», who pay the LockBit gang 20% of the ransoms they extract.
📌The true number of LockBit attacks is likely far higher than the number of known attacks, as many victims choose to pay the ransom rather than risk having their data published on the dark web.
📌LockBit has been linked to attacks on hospitals, governments, and businesses globally, causing significant harm to thousands of victims.
📌Law enforcement agencies have been working to disrupt LockBit’s operations, with several people alleged to be linked to the gang arrested in Ukraine and Poland.
📌Despite these efforts, LockBit continues to operate and launch attacks, with the group’s purported leader vowing to continue their activities.
📌The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation.
📌Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States and around the world, causing costly disruptions to operations and the destruction or exfiltration of sensitive information.
📌More than $144 million in ransom payments have been made to recover from LockBit ransomware events.
📌In response to the ransom demand, CHC-SV stated, «Public health establishments never pay ransom in the face of this type of attack.»
📌The hospital also promised to notify patients and stakeholders if the ransom gang decided to publish any stolen data.
📌At the time of this report, there has been no statement from the Hôpital de Cannes regarding the alleged published data