The company’s website mnh.fr displays a notice stating that it has been affected by a cyberattack that began on February 5. Due to this attack, the computer system and telephone services are unavailable. Members of the insurance company use the MNH website to design insurance quotes or to manage services and benefits.
Gerard Vuidepot, CEO of MNH, stated that “the MNH has been undergoing a cyber-attack since Friday, February 5, 2021. Computer systems have been disconnected for security reasons. Our websites (mnh.fr, member area, corresponding and elected extranets) and our telephone platform (3031) are temporarily unavailable. The processing times for your requests are being extended”.
As per the reports of BleepingComputer, an independent security expert shared a Tor web page that acts as a ransom negotiation page for the MNH attack that connects to the mnh.fr website. The page directs how the cybercriminals will negotiate with the firm and also advises MNH to employ a protonmail account while negotiating and not to reach out to the cops, or the cops will seize their bank accounts.
The site provides the ability to send a single email to the ransomware gang and perform test decryption of a single file. According to BleepingComputer, this Tor site is operated by ‘RansomExx’, a rebranded version of the Defray777 ransomware. This ransomware group has been operating since 2018, after updating their name to RansomExx in June 2020 it’s modus operandi has become more potent and are targeting high-profile companies.
Some of the high-profile organizations targeted by the RansomExx group in the past include the Texas Department of Transportation (TxDOT), Konica Minolta, Brazilian government networks, IPG Photonics, and Tyler Technologies. RansomExx has designed its own Linux version to make certain that they target all critical servers and data in a firm.