{
	"id": "d962ffa2-134f-4349-895a-fd1531dd17d5",
	"created_at": "2026-04-06T00:15:22.961504Z",
	"updated_at": "2026-04-10T03:26:47.152991Z",
	"deleted_at": null,
	"sha1_hash": "f2125616aede53c888a0ede0116a852813e835d5",
	"title": "French hospital CHC-SV refuses to pay LockBit extortion demand",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3832283,
	"plain_text": "French hospital CHC-SV refuses to pay LockBit extortion demand\r\nBy Bill Toulas\r\nPublished: 2024-05-01 · Archived: 2026-04-05 16:48:53 UTC\r\nThe Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0\r\nransomware gang, saying they refuse to pay the ransom.\r\nOn April 17, the 840-bed hospital announced a severe operational disruption caused by a cyberattack that forced it to take all\r\ncomputers offline and reschedule non-emergency procedures and appointments.\r\nYesterday, the establishment announced on X that it has received a ransom demand by the Lockbit 3.0 ransomware\r\noperation, which it forwarded to the Gendarmerie and the National Agency for Information Systems Security (ANSSI).\r\nhttps://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nAt the same time, the LockBit ransomware group added CHC-SV on their extortion portal on the darkweb, threatening to\r\nleak the first sample pack of files stolen during the attack by the end of the day.\r\nLockBit threatens to leak stolen data soon\r\nBleepingComputer\r\nThe healthcare organization tweeted that they will not pay the ransom and promised to inform impacted individuals if the\r\nthreat actors begin leaking data.\r\n“In the event of a data release potentially belonging to the hospital, we will communicate to our patients and stakeholders,\r\nafter a detailed review of the files that may have been exfiltrated, about the nature of the stolen information.”\r\nMeanwhile, the hospital’s IT staff are still fighting to bring impacted systems back to normal operational status, as internal\r\ninvestigations on the incident remain ongoing.\r\nHurt but still ruthless\r\nFBI’s disruption of the LockBit ransomware-as-a-service operation via ‘Operation Cronos’ and the simultaneous release of a\r\ndecryptor in mid February 2024, have had an adverse impact on the threat group.\r\nAffiliates have lost their trust in the project, and some members opted to lay low in fear of identification and prosecution.\r\nhttps://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/\r\nPage 3 of 4\n\nDespite the disruption, the ransomware project performed a restart only a week later, setting up new data leak sites and using\r\nupdated encryptors and ransom notes.\r\nLockBit’s policy about attacks on healthcare providers has always been muddy at best, with the group's leaders not\r\nenforcing the declared restrictions on affiliates performing attacks that impacted patient care.\r\nThe attack on CHC-SV acts as a confirmation of the threat group’s complete disregard for the sensitive matter of avoiding\r\ndisruption of healthcare services.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/\r\nhttps://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/"
	],
	"report_names": [
		"french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand"
	],
	"threat_actors": [
		{
			"id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5",
			"created_at": "2022-10-25T16:07:23.797925Z",
			"updated_at": "2026-04-10T02:00:04.752608Z",
			"deleted_at": null,
			"main_name": "LockBit Gang",
			"aliases": [
				"Bitwise Spider",
				"Operation Cronos"
			],
			"source_name": "ETDA:LockBit Gang",
			"tools": [
				"3AM",
				"ABCD Ransomware",
				"CrackMapExec",
				"EmPyre",
				"EmpireProject",
				"LockBit",
				"LockBit Black",
				"Mimikatz",
				"PowerShell Empire",
				"PsExec",
				"Syrphid"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434522,
	"ts_updated_at": 1775791607,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f2125616aede53c888a0ede0116a852813e835d5.pdf",
		"text": "https://archive.orkl.eu/f2125616aede53c888a0ede0116a852813e835d5.txt",
		"img": "https://archive.orkl.eu/f2125616aede53c888a0ede0116a852813e835d5.jpg"
	}
}