Caleb Boma | February 11th, 2021

According to Bleeping Computer, French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company’s operations. MNH is the first mutual insurance company in France to provide health insurance services, and plans focused on the health sector. The company’s website is used by members to generate insurance quotes or to manage services and benefits. Since the attack, the website displays a notice stating that it has been affected by a cyberattack that started on February 5th. This attack has caused their websites and telephone platform to become unavailable.

The MNH has been undergoing a cyber attack since Friday, February 5, 2021. Computer systems have been disconnected for security reasons. “Our websites (, members’ area, corresponding and elected extranets) as well as our telephone platform (3031) are temporarily unavailable. The processing times for your requests are extended,” Gérard Vuidepot, CEO of MNH, states in the notice on the MNH website.

An independent researcher discovered a tor site with negotiation set up for MNH and the threat actors responsible for the attack. Evidence shows the site belongs to the ransomware group, RansomExx, which was rebranded from Defray777. We covered this group in December, and they have some unique attack methods. RansomExx operators try to encrypt as many files as possible before running any commands to avoid detection. SpearTip’s ShadowSpear® Platform stops these attacks by immediately alerting our engineers of malicious activity so they’re able to properly counter the attack and keep partners secure.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have a direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you are experiencing a breach, please call our Security Operations Center at 833.997.7327.