The NoEscape Ransomware Attack on Le CHRSM

The NoEscape ransomware gang has attacked Le CHRSM. Le CHRSM is a hospital in Namur, Belgium. NoEscape posted Le CHRSM to its data leak site on June 14th, claiming to have stolen 127GB of data.

A note on Le CHRSM's website reads: "We are the victims of a cyberattack that is impacting the operation of our hospitals. Consult here for all the regularly updated information. Our teams are doing their best to maintain hospital activity as well as possible. Thank you for understanding."

NoEscape: A Ransomware-as-a-Service Operation

NoEscape is a ransomware-as-a-service operation. The ransomware builder interface allows affiliates to customize various settings when creating the ransomware executables. However, the primary function of NoEscape is to encrypt files.

Victims of NoEscape receive a note informing them that their network has been breached and infected by a group called NoEscape. The message reveals that all of their company documents, databases, and other crucial files have been encrypted. Additionally, the perpetrators have also obtained the victims' confidential documents, personal data, and sensitive information.

To regain access to their files, the victims are instructed to make a payment in exchange for a special recovery tool. Non-compliance with this demand will result in the victims' files remaining encrypted indefinitely and the stolen information being offered for sale on the darknet.

To facilitate the payment process, the victims are advised to download and install the TOR browser and access a specific link provided in the note. They must then enter their ID and follow the accompanying instructions. The directive explicitly warns the victims against making any modifications or attempting file recovery on their own, emphasizing that only the perpetrators possess the ability to restore the encrypted files.