Back to the news. How hospitals in the Dordogne countered an extremely dangerous cyberattack

“There had been the beginnings the day before,” recalls Vincent Genot, who is responsible for information systems security at the group's 11 hospitals. “Part of the servers started to malfunction. We noticed that a malicious program was on some of the 200 servers.”

Detection was possible thanks to an antivirus named Darktrace. The eponymous British company presents itself as “the world leader in artificial intelligence in cybersecurity”. It sold its system to the Périgord hospitals two months before the attack. Just in time to avoid the worst.

500 machines infected

The principle of this artificial intelligence is to scan the network and learn user behavior, so that it can identify what is normal use and, by contrast, what is abnormal and potentially a cyberattack to be blocked. In this case, the machine started learning when the virus was probably already there. “We had 500 infected machines,” reveals Vincent Genot. “The standard antivirus had not seen the threat because it used classic programs, but hijacked them.”

This is how Ryuk works, software designed by a cybercriminal organization. Its principle: lock the computer to make it unusable, in order to force its owner to pay for access to their own data. This is what happened at Dax hospital in February 2021, paralyzing the establishment.

In the Dordogne, however, Ryuk moved quietly, infecting computers one by one and extending its web as far as possible. But the lockdown hadn’t happened yet. “Fortunately, otherwise, the hospital would not recover,” analyzes the security manager. “The consequences would have been cataclysmic.”

“We saw the attack in real time”

Thanks to the S-Secure antivirus and Orange Cyberdéfense (which orchestrated the crisis management), rapid action was taken on the 2,000 computers in the Dordogne hospitals. “We contained the threat with a firewall that surgically cut off the actions of the virus. Meanwhile, users saw no difference and kept working. The Dordogne is one of the rare cases where Ryuk’s attack could be stopped midstream. We are the first administration to have seen the attack in real time.”

Apart from locking computers, the hackers also try to get money in exchange for not disclosing data: in addition to encrypting data, the virus downloads health information, and its designers threaten to make this very sensitive material public. Luckily, none of that happened.
