Ransomware Attack Disrupts French Pharmaceutical Distribution
Incident Date:
November 1, 2024
Overview
Title
Ransomware Attack Disrupts French Pharmaceutical Distribution
Victim
Cerp Bretagne Nord
Attacker
Hunters International
Location
First Reported
November 1, 2024
Ransomware Attack on Cerp Bretagne Nord: A Critical Disruption in Pharmaceutical Distribution
Cerp Bretagne Nord, a key player in the pharmaceutical distribution sector in France, has recently fallen victim to a ransomware attack orchestrated by the notorious group Hunters International. This attack has not only compromised the cooperative's data but also disrupted its essential services, impacting pharmacies across multiple French regions.
About Cerp Bretagne Nord
Based in Saint-Brieuc, Brittany, Cerp Bretagne Nord is a prominent pharmaceutical distribution cooperative. With approximately 1,293 employees and an annual revenue of around $1.2 billion, the cooperative plays a significant role in the regional healthcare sector. It specializes in the distribution of pharmaceutical products and medical equipment, ensuring timely delivery to local pharmacies. The cooperative's efficient logistics system and community-oriented approach make it a standout in the industry.
Attack Overview
The ransomware attack, discovered on November 4, resulted in the exfiltration of approximately 2.1 TB of data, equating to over a million files. This breach has severely impacted Cerp Bretagne Nord's online ordering system, which is crucial for pharmacies in regions such as Bretagne, Centre-Val de Loire, Pays de la Loire, and Nouvelle-Aquitaine. The attackers have set a ransom deadline, threatening further disruption to the distribution of pharmaceutical products, which could affect patient access to medications.
Hunters International: The Ransomware Group
Emerging in October 2023, Hunters International is a Ransomware-as-a-Service (RaaS) group known for its sophisticated attacks. Utilizing code from the defunct Hive ransomware, the group employs double extortion tactics, combining data encryption with data theft. Their malware, developed in Rust, allows for cross-platform targeting, making them a formidable threat to enterprises. The group is adept at bypassing advanced security measures, as demonstrated in previous attacks.
Potential Vulnerabilities
Cerp Bretagne Nord's reliance on digital systems for its logistics and ordering processes may have made it vulnerable to such an attack. The healthcare sector, with its critical infrastructure and sensitive data, is a frequent target for ransomware groups like Hunters International. The cooperative's disruption highlights the need for enhanced cybersecurity measures to protect against sophisticated threat actors.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.