DailyPost 2777
RANSOMWARE ATTACK – RANSOM REFUSED
Ransomware attacks today are by far the most serious of the cyber breaches and have completely changed the landscape in the history of hacking. Paying ransom has become the norm, some accepted that they did so, while others having paid, did not reveal it to the outside world. Not paying is not an option seems to be the logical conclusion, if we go by its history. Why does it happen so? Firstly, there is hardly any chance of the accused being brought to book, secondly, the operations of the impacted enterprise comes to a grinding halt and thirdly, getting back to operational normalcy is time taking, cumbersome and complex, if it does happen and the cost is very prohibitive.
Under the given circumstances paying ransom has turned out to be the option of choice. Ransomware-as-a-service and double extortion sword has added a dimension to this crime, unheard of in the history of most complex and most paying crimes. For the first time in the recorded history of ransom payments of cyber breaches, French hospital CHC-SV refused to pay LockBit extortion demand. Maybe earlier some would not have made the payment, and could have tried other means to sort out this issue, but outright rejection and its communication to hackers, seems to be a welcome dimension in this war of attrition.
The French hospital announced on X that it had received a ransom demand by LockBit 3.0 ransomware operation. They in turn forwarded it to the Gendarmerie and the National Agency for Information Systems Security (ANSSI). The health care organization tweeted that they would not be paying the ransom. They also promised to inform the impacted individuals, if the actor begins leaking data. It was on April 17, the 840-bed hospital announced that its operations have been severely impacted by a cyber-attack. This had forced the hospital to take all computers offline.
All non-emergency procedures and appointments had to be rescheduled. The LockBit ransomware group added CHC-SV on the extortion list on the darkweb. They also threatened that the first sample pack of the files stolen in a day. This is a well known operandi for the ransomware groups to prove their bona fide. The FBI action on this group through Operation Cronos and simultaneous release of decryptor had an adverse impact on this group. Despite this, ransomware project was back in a week, setting up new data leak sites and using updated encryptors and ransom notes. We have a long battle against ransomware.
REJECTING RANSOMWARE IS A POSITIVE TURN IN OUR BATTLE AGAINST RANSOMWARE.
Sanjay Sahay
Have a nice evening.