Par
Clemence Pays
Published on
Dec 23 2024 at 4:37 p.m.
See my news
Follow News Rennes
Audio version generated by IA
More than two months after the events, the General Directorate of the National Gendarmerie announced the ” resolution “ of the incident “thanks to a large-scale technical investigation carried out by the National Cyber Unit” (UNC). An individual was arrested.
As a reminder, the Grand Ouest hospital group (GHGO), manager of nine establishments in Brittany and Pays de la Loire, was victim of a “major cyberattack, DDOS attack type (1)between October 2 and 4, 2024, seriously disrupting the continuity of care.”
Among the impacted establishments, the La Sagesse mutual clinic, in Rennes, was particularly affected.
A ransom demanded
On October 4, the information systems of La Sagesse are paralyzed by the cyberattack, leading to the postponement of several surgical interventions and forcing the group to operate “in degraded mode”, recalls the National Gendarmerie.
Cybercriminals demand a ransom of $650,741 to unblock the systems but rapid technical investigation helps put an end to this threat.
Quickly, the Center for the Fight against Digital Crimes (C3N) of the UNC took charge of the investigation and “mobilized its investigators to analyze the traces left by the attackers.
“The investigations carried out in collaboration with the cyber gendarmes of the Rennes research section made it possible to accurately trace the origin of the attack,” continues the National Gendarmerie.
An “internal compromise”
By analyzing the data collected, the investigators highlight “indications of internal compromise, directing research towards a former information systems security manager (CISO) of the group”.
“Key technical elements”, such as the IP address of the suspect, made it possible to identify him as being behind the attack.
The suspect tried in 2025
Tuesday, December 17, “a legal operation allowed the arrest of the suspect at his home, where several computer equipment was seized for analysis,” announced the National Gendarmerie on Monday, December 23.
The individual was referred to the Paris judicial court on Thursday December 19, 2024 and will appear on February 6, 2025.
“This rapid resolution of the attack was made possible thanks to the technical expertise and exemplary coordination between the UNC C3N and its Rennes branch,” concludes the Gendarmerie.
(1) Distributed Denial of Service. This is a denial of service or distributed denial of service attack, which aims to make a server inaccessible by sending multiple requests until it is saturated or by exploiting a security vulnerability in order to to cause a breakdown or seriously degraded operation of the service. Source: cybermalveillance.gouv.fr
Follow all the news from your favorite cities and media by subscribing to Mon Actu.