{
	"id": "ab1b540f-f23b-4ebf-a2b9-d48aa1c0ff8f",
	"created_at": "2026-04-06T00:15:30.137977Z",
	"updated_at": "2026-04-10T13:11:23.399562Z",
	"deleted_at": null,
	"sha1_hash": "539355317ec4ec86487710442830fc649fe06731",
	"title": "Louisiana was hit by Ryuk, triggering another cyber-emergency",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 169187,
	"plain_text": "Louisiana was hit by Ryuk, triggering another cyber-emergency\r\nBy Sean Gallagher\r\nPublished: 2019-11-21 · Archived: 2026-04-05 21:24:22 UTC\r\nOn November 15, the Charles-Nicolle University (CHU) Hospital in Rouen, France, was hit by ransomware that\r\nspread across five sites. The hospital was forced to shut down its networks to prevent the malware from spreading,\r\naccording to a report from Le Monde, and staff were forced to use paper and pencil for tracking patients. While\r\nthere were reports of a demand of a ransom payment of 1,500 euros for each of the more than 6,000 computers\r\naffected at the hospital, a hospital spokesperson denied that a ransom demand had been made and said none would\r\nbe paid. As of November 18, about 25% of the hospital’s applications had been restored.\r\nAlso on November 15, the government of the Canadian territory of Nunavut suffered a ransomware outbreak that\r\naffected about 5,000 computers territory-wide. That attack, according to Nunavut government spokesperson Chris\r\nPuglia, used a variant of DoppelPaymer ransomware; the same malware hit Mexico’s state-owned oil company\r\nPEMEX on November 12.\r\nThe PEMEX Tor payment site was widely posted on social media.\r\nDespite documentation of the Pemex attack, company executives have continued to deny the company was\r\naffected.\r\n📌 #Pemex🇲🇽 reiterates its call to disregard apocryphal bulletins circulating in news media and\r\nsocial networks. All information concerning the state productive enterprise is published\r\nsolely through institutional channels and official accounts.\r\n— Petróleos Mexicanos (@Pemex) November 17, 2019\r\nAccording to security researcher Vitali Kremez, both the Nunavut and PEMEX ransomware attacks used the same\r\nTor “hidden service” Web portal. Within the portal, the actors behind the ransomware left the note rationalizing\r\ntheir attack: “We don’t care who you are and why this happens. No one died. That’s all.”\r\nWhile they may or may not use the same type of communications with victims as opportunistic attacks—\r\nDoppelPaymer uses a Web portal similar to those used by opportunistic attacks, while Ryuk keeps its\r\ncommunications over email—both of these attacks were targeted rather than opportunistic. While they may use\r\nsimilar initial compromise methods as opportunistic attacks (phishing, automated vulnerability scanning and\r\nexploitation, or attacks using Remote Desktop Protocol), targeted attacks are the product of researching a\r\ncompromised network and releasing the ransomware only after determining who the target is (and how likely they\r\nwill be to pay). As a result, they require less work for attackers because they reduce the number of victims they\r\nneed to communicate with.\r\nSource: https://arstechnica.com/information-technology/2019/11/louisiana-was-hit-by-ryuk-triggering-another-cyber-emergency/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://arstechnica.com/information-technology/2019/11/louisiana-was-hit-by-ryuk-triggering-another-cyber-emergency/"
	],
	"report_names": [
		"louisiana-was-hit-by-ryuk-triggering-another-cyber-emergency"
	],
	"threat_actors": [],
	"ts_created_at": 1775434530,
	"ts_updated_at": 1775826683,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/539355317ec4ec86487710442830fc649fe06731.pdf",
		"text": "https://archive.orkl.eu/539355317ec4ec86487710442830fc649fe06731.txt",
		"img": "https://archive.orkl.eu/539355317ec4ec86487710442830fc649fe06731.jpg"
	}
}