{
	"id": "37cc5251-afd6-4bf8-bf22-7501ea315e53",
	"created_at": "2026-04-06T00:21:30.806053Z",
	"updated_at": "2026-04-10T03:20:28.561563Z",
	"deleted_at": null,
	"sha1_hash": "481f7c27621cfecaa802d37879e5de76a10f2b6b",
	"title": "French MNH health insurance company hit by RansomExx ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3628893,
	"plain_text": "French MNH health insurance company hit by RansomExx ransomware\r\nBy Lawrence Abrams\r\nPublished: 2021-02-10 · Archived: 2026-04-05 17:29:13 UTC\r\nFrench health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has\r\nseverely disrupted the company's operations. BleepingComputer has learned.\r\nMNH is the first mutual insurance company in France to provide health insurance services, and plans focused on the health\r\nsector.\r\nThe company's website is used by members to generate insurance quotes or to manage services and benefits.\r\nhttps://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nSince the attack, the mnh.fr website displays a notice stating that it has been affected by a cyberattack that started on\r\nFebruary 5th. This attack has caused their websites and telephone platform to become unavailable. \r\n\"The MNH has been undergoing a cyber attack since Friday, February 5, 2021 . Computer systems have been disconnected\r\nfor security reasons.\r\n\"Our websites (mnh.fr, members' area, corresponding and elected extranets) as well as our telephone platform (3031) are\r\ntemporarily unavailable. The processing times for your requests are extended,\" Gérard Vuidepot, CEO of MNH, states in the\r\nnotice on the MNH website.\r\nNotice on the MNH website\r\nTwo days ago, an independent security researcher shared a Tor web page with BleepingComputer that acts as a ransom\r\nnegotiation page for the MNH attack.\r\nThe page links to the mnh.fr website and dictates how the threat actors will negotiate with the company. It also advises\r\nMNH to use a protonmail account when negotiating and not contacting the police, or the police will seize their bank\r\naccounts.\r\nhttps://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/\r\nPage 3 of 5\n\nMNH Tor ransom negotiation site\r\nThe site offers the ability to send the ransomware gang a single email to start negotiations and perform test decryption of a\r\nsingle file.\r\nThis Tor site belongs to a ransomware operation called RansomExx, a rebranded version of the Defray777 ransomware. \r\nWhile this ransomware group has been in operation since 2018, it became much more active in June 2020 when it rebranded\r\nas RansomExx and began to target high-profile organizations.\r\nLike other human-operated ransomware operations, RansomExx will compromise a network and begin harvesting\r\nunencrypted files for their extortion attempts.\r\nAfter gaining access to an administrator password, they deploy the ransomware on the network and encrypt all of its\r\ndevices.\r\nUnlike most other ransomware operations, RansomExx also created a Linux version to ensure they can target all critical\r\nservers and data in an organization.\r\nSome of the RansomExx gang's high-profile attacks in the past include Brazil's government networks, Texas Department of\r\nTransportation (TxDOT), Konica Minolta, IPG Photonics, and Tyler Technologies.\r\nBleepingComputer has attempted to contact MNH about this attack but has not received a reply.\r\nhttps://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/"
	],
	"report_names": [
		"french-mnh-health-insurance-company-hit-by-ransomexx-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434890,
	"ts_updated_at": 1775791228,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/481f7c27621cfecaa802d37879e5de76a10f2b6b.pdf",
		"text": "https://archive.orkl.eu/481f7c27621cfecaa802d37879e5de76a10f2b6b.txt",
		"img": "https://archive.orkl.eu/481f7c27621cfecaa802d37879e5de76a10f2b6b.jpg"
	}
}