RansomExx

Caleb Boma | February 11th, 2021

 

According to Bleeping Computer, French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a cyberattack by the RansomExx ransomware group that has severely disrupted the company’s operations. MNH is the first mutual insurance company in France to provide health insurance services and plans focused on the health sector. Members use the company’s website to generate insurance quotes and to manage services and benefits. Since the attack, the mnh.fr website has displayed a notice stating that it has been affected by a cyberattack that started on February 5th. The attack has made the company’s websites and telephone platforms unavailable.

Details of the RansomExx Ransomware Attack

The MNH has been undergoing a cyber attack since Friday, February 5, 2021. Computer systems have been disconnected for security reasons. “Our websites (mnh.fr, members’ area, corresponding and elected extranets), as well as our telephone platform (3031), are temporarily unavailable. The processing times for your requests are extended,” Gérard Vuidepot, CEO of MNH, states in the notice on the MNH website.

An independent researcher discovered a Tor site set up for negotiation between MNH and the threat actors responsible for the attack. Evidence shows the site belongs to the ransomware group RansomExx, which was rebranded from Defray777. We covered this group in December, and they have some unique attack methods. RansomExx operators try to encrypt as many files as possible before running any commands to avoid detection. SpearTip’s ShadowSpear® Platform stops these attacks by immediately alerting our engineers of malicious activity so they’re able to properly counter the attack and keep partners secure.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you are experiencing a breach, please call our Security Operations Center at 833.997.7327.
