Hackers hit Europe’s largest healthcare provider with Snake ransomware

Snake ransomware, aka Ekans, was discovered in 2019.

Hospitals and healthcare providers are already suffering due to Coronavirus pandemic but cybercriminals especially ransomware operators are playing their role to make things worse.

Cybersecurity expert Brian Krebs reported on his blog KrebsOnSecurity that Europe’s largest private hospital operator, Fresenius, has become a victim of a ransomware attack, which affected its operations.

It is worth noting that Fresenius is the leading provider of dialysis products with a 40% share in the US market for dialysis, and has a range of hospitals and inpatient and outpatient care services. 

Exclusive: Personal data of 1.41m US doctors sold on a hacker forum

Based in Bad Homburg, Germany, Fresenius confirmed that its technology systems have been attacked with a computer virus. The attack did limit its operations to some extent but the patient care service is not disrupted.

Matt Kuhn, Fresenius’ spokesperson told Krebs that,

“While some functions within the company are currently limited, patient care continues. Our IT experts are continuing to work on solving the problem as quickly as possible and ensuring that operations run as smoothly as possible.”

Brian Krebs was informed by a relative working for one of Fresenius’ businesses in the United States that its computers have been attacked with Snake ransomware, aka Ekans. This ransomware was discovered in 2019 and so far it has been used in attacks targeting the industrial sector. 

Snake ransomware mainly attacks Windows-based systems and encrypts files/data with a five-character file extension that is selected randomly. Then it displays a note on the screen and sends the victim a ransom note via email. The attacker usually demands payment in cryptocurrency. 

Snake ransomware ransom note.

Security researchers claim that Snake is unique ransomware because it looks for IT processes linked with enterprise management tools and larger ICS (industrial control systems) including manufacturing and production networks.




The recent attack on Fresenius isn’t too surprising as there were reports since January that Snake ransomware operators have launched a global campaign to infect businesses and enterprise networks. After staying low for a while, Snake operators resurfaced with a big blow to a wide range of organizations around the world from 4th May.

This isn’t the only high-profile data breach that a ransomware operators have carried out as previously they have targeted IT giant Cognizant, drug testing service Hammersmith Medicines Research LTD, and cyber insurance service Chubb in a similar manner.

Last month, the Department of Health and Human Services (HHS) in the United States and the Czech Republic’s second-largest hospital in Brno also suffered cyberattacks. The hospital was forced to shut down its operation due to the attack.

Moreover, ID Ransomware, ransomware detecting service, reported a huge rise in ransomware attacks over the last few months and apart from the German healthcare firm Fresenius, a France-based architectural firm and a prepaid debit card company have also been attacked with Snake ransomware recently.

You may also like...