France to step up cyber defense after malware attacks in hospitals

Nitin MisraFebruary 18, 21 anssi, ransomware

French President Emmanuel Macron on Thursday unveiled a plan to better arm public institutions and private businesses against cybercriminals following ransomware attacks at two hospitals this month and a resurgence of similar cyber attacks in France.

The attacks on the hospitals of Dax and Villefranche-sur-Sa ne have caused the transfer of some patients to other establishments while the French health system is under pressure from the coronavirus pandemic.

Macron discussed the attacks with officials and employees at both hospitals, saying the incident “shows how very serious, sometimes vital, the threat is.”

“We are learning of these new attacks, some coming from States in the context of new conflicts between nations, others coming from mafias”, declared the French leader during a videoconference. Some attacks have criminal or profit motives, others are used to destabilize countries, he added.

Macron spoke of a massive hack into U.S. federal agencies last year and the theft of vaccine documents from the European Medicines Agency in November.

He stressed the need for international cooperation between police and criminal justice agencies after Ukrainian authorities confirmed that a ransomware program known as Egregor had been dismantled in the country earlier this month in following joint action by the United States, France and Ukraine.

Macron’s office said the government would allocate around 500 million euros ($603 million) to help strengthen cyber defense systems in the public and private sectors.

The French National Cybersecurity Agency (ANSSI) reported that ransomware attacks jumped 255% in 2020 compared to the previous year. All sectors and geographic areas of the country have been included, but the increase particularly concerns the health sector, the education system, local authorities and digital service providers, ANSSI said.

In ransomware attacks, cyber criminals infect computers or computer systems with viruses that scramble and lock data until the targeted users pay a ransom.

Villefranche-sur-Saone hospital, located north of the city of Lyon, said its phone system went down in a cyberattack on Monday that forced a preventive shutdown of internet service and other networks for prevent the spread of ransomware.

The hospital also had to postpone surgeries scheduled for the next day. but said patient safety was preserved.

Dax hospital in southwest France reported a similar attack last week. Without working phones or computers, health workers had to use pen and paper for record keeping.

The French cybersecurity agency is participating in the investigation into the attacks.

ANSSI indicated on Monday that an attack similar to that used by Russian hackers targeted software distributed by the French company Centreon, resulting in the violation of several French entities from the end of 2017 to 2020.

“This campaign has several similarities with previous campaigns attributed to the intrusion set named Sandworm,” ANSSI said in a statement Monday.

Sandworm is a Russian military hacking group that, according to US security officials and cybersecurity experts, intervened in the 2016 US presidential election, stealing and exposing Democratic National Committee emails and breaking into the voter registration databases.

The group has also been blamed by the US and UK governments for the June 2017 NotPetya cyberattack, which targeted companies operating in Ukraine. It caused at least $10 billion in damage around the world, including the Danish maritime multinational Maersk.