Major French Hospital Group Stops Ransomware Attack with Darktrace AI
CISO of Dordogne Hospital Group says Detection is no Longer Enough; Autonomous Response is Vital for Containing Attacks
Darktrace, a global leader in cyber security AI, today announced that Antigena, its autonomous response technology, stopped a sophisticated ransomware attack at Dordogne Groupements Hospitaliers de Territoire (Dordogne GHT).
In 2021, still in the midst of the COVID-19 pandemic, Dordogne GHT selected Darktrace’s detect, respond and investigate capabilities to defend against threats across all eleven of its hospitals, including on corporate and medical devices in its accident and emergency departments. Just two months after deploying Darktrace, the Group, which employs close to 5,000 staff, was targeted by Ryuk ransomware — a notorious ransomware strain known to target critical organizations across the public sector globally.
Ryuk, which was first developed by the prolific cyber-criminal organization named ‘Wizard Spider’, is known for combining advanced encryption techniques and subsequently demanding a high ransom in return for a private decryption key. It is one of the first ransomware families capable of encrypting not only data but network drives and resources. Ryuk has previously taken down entire city councils, and was responsible for an attack which hit over 200 hospitals in the US in 2021.
Darktrace AI immediately detected the initial warning signs of the attack, which came in the form of some basic .dat files being downloaded onto one of the business’s devices from a previously unknown IP address.
Initially, Dordogne GHT had Darktrace’s autonomous response capability, Antigena, in ‘human confirmation mode’, where the security team must approve suggested actions. As the ransomware attack began to spread rapidly, threatening medical devices in emergency departments, the team switched to ‘active mode’, allowing the AI to take intelligent action to enforce normal operations and ultimately stop the attack.
“We have seen first-hand how a ransomware attack could bring down our systems in minutes and impact human lives,” commented Vincent Genot, CISO of Dordogne GHT. “It is clear to me that in this new era of cyber-threat, detection is no longer enough. Darktrace has invented a technology that can respond to attacks on behalf of humans, at computer speed, so that organizations can continue running normally even while under attack. This is the future of security.”
“At a time when national cyber security agencies are urging organizations to be hyper-vigilant and lock down their systems, we can be in little doubt that defenders of healthcare systems will be working to keep the bad guys out,” commented Justin Fier, VP of Tactical Risk and Response, Darktrace. “Autonomous response technology that uplifts human security teams by allowing them to make strategic decisions while the AI stops the attack before it causes disruption is critical in defending organizations vital to everyday life.”
Darktrace (DARK.L), a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has more than 1,700 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.