
Port of Seattle Faces $5.9 Million Ransom Demand in Rhysida Cyberattack

 

The Port of Seattle is confronting a severe cybersecurity crisis as the Rhysida ransomware group demands a ransom of 100 bitcoins (approximately $5.9 million). Rhysida, which has gained notoriety for targeting organizations worldwide, released screenshots of stolen documents, claiming they possess sensitive data such as scanned U.S. passports, Social Security numbers, and tax forms. The group has threatened to sell this data on the dark web if their ransom demands are not met within a week. 

In a joint statement with Seattle-Tacoma International Airport, the Port of Seattle has made it clear they will not pay the ransom, despite threats to publicly release the stolen data. A Port spokesperson emphasized that refusing to comply is part of their firm stance against negotiating with cybercriminals. The extent of the data breach is still under investigation, but Rhysida’s involvement suggests a sophisticated attack that exploited vulnerabilities in the port’s systems. The attack was initially detected on August 24, leading to widespread service disruptions. 

Critical systems were impacted, including baggage handling, check-in kiosks, ticketing, Wi-Fi, and digital display boards, creating significant inconvenience for travelers. The port responded swiftly, isolating affected systems to prevent further breaches. This disruption highlights the real-world consequences of ransomware attacks on essential infrastructure, raising concerns about cybersecurity preparedness in public sectors. Rhysida operates as a ransomware-as-a-service group, enabling other cybercriminals to use its platform for extortion. The group, active since June 2023, has a history of targeting multiple sectors, including government, healthcare, and critical infrastructure, with a focus on the U.S. 

According to cybercrime research platform eCrime.ch, Rhysida has claimed nearly 150 victims since its emergence, demonstrating its rapid growth and effectiveness in breaching high-value targets. The breach at the Port of Seattle emphasizes the growing threat of ransomware attacks on critical infrastructure and serves as a wake-up call for organizations to prioritize cybersecurity measures. Authorities, cybersecurity experts, and the port’s internal IT team are working together to assess the full impact of the attack and develop strategies to restore normal operations. Given the evolving tactics of ransomware groups like Rhysida, this incident underscores the urgent need for comprehensive security strategies and employee training to protect against future breaches. 

In light of this attack, cybersecurity agencies have warned other U.S. ports and critical infrastructure organizations to strengthen their defenses against similar threats. This breach represents a broader trend of ransomware groups targeting critical infrastructure, which, if left unchecked, could have far-reaching implications on national security and economic stability. The Port of Seattle’s refusal to pay the ransom aligns with federal guidelines discouraging negotiations with cybercriminals, but it remains to be seen whether this approach will mitigate the impact of the breach or provoke further retaliation from Rhysida. 

The incident serves as a stark reminder that cybersecurity threats are increasingly sophisticated, requiring organizations to adapt their defense strategies to safeguard sensitive data and operations.

Columbus Faces Scrutiny for Handling of Ransomware Attack and Lawsuit Against IT Consultant

 

In July, Columbus, Ohio, experienced a ransomware attack, which initially appeared to be a typical breach. However, the city’s unusual response sparked concern among cybersecurity experts and legal professionals. IT consultant David Leroy Ross, also known as Connor Goodwolf, uncovered a significant breach exposing sensitive data from various city databases, including arrest records, domestic violence cases, and personal information. 

This attack, carried out by the Rhysida Group, affected the city, police, and prosecutor’s office, with some databases going back to 1999. Goodwolf, whose expertise involves monitoring dark web activities, discovered that over three terabytes of data had been stolen. Among the exposed data were personally identifiable information, protected health information, and Social Security numbers. Goodwolf expressed particular concern over the exposure of sensitive information involving minors and domestic violence victims, emphasizing that they were now victimized a second time.

Despite the serious implications, the city’s response appeared to downplay the breach. At a press conference in mid-August, Columbus Mayor Andrew Ginther claimed that the stolen data was encrypted or corrupted, making it largely unusable. Goodwolf, however, contradicted this statement, revealing that the data he found was intact and usable. When he attempted to notify city officials, he was met with resistance and a lack of cooperation. As a result, Goodwolf turned to the media, which led the city of Columbus to file a lawsuit and secure a temporary restraining order against him. The lawsuit, intended to prevent the further dissemination of sensitive information, raised concerns in the cybersecurity community. 

Legal experts pointed out that such lawsuits against data security researchers are uncommon and could have broader implications. Raymond Ku, a professor of law, noted that lawsuits against researchers typically arise when the disclosure of a vulnerability puts others at risk. However, cybersecurity professionals, such as Kyle Hanslovan, CEO of Huntress, argued that Goodwolf was acting as a responsible researcher. Hanslovan warned that this approach could set a dangerous precedent, silencing individuals who work to expose breaches. The city defended its actions, stating that it sought to prevent the release of confidential information, including undercover police identities. Although the restraining order expired, Columbus continues its civil lawsuit against Goodwolf, seeking up to $25,000 in damages. 

As Columbus works to recover from the attack, the broader implications of its actions toward Goodwolf remain a point of contention. Experts argue that the case highlights the need for a legal framework that balances the protection of sensitive information with the role of security researchers in revealing vulnerabilities. As Columbus strives to position itself as a tech hub, this legal battle could affect its reputation and relationships within the tech industry.

Port of Seattle Battles Ransomware Attack, Refuses to Pay

 



The Port of Seattle and Seattle-Tacoma International Airport have confirmed that the major system outages that took place in late August were caused by a ransomware attack. On August 24, a cyberattack partially disrupted critical operations at the airport, taking down websites, email, and phone services and affecting some services at the airport. The attack was detected immediately and, in response, the IT team decided to shut down the entire system to prevent further damage.

In the ransomware attack, the criminal group Rhysida gained unauthorised access to the airport's computer systems and encrypted some of its data. Airport spokesperson Perry Cooper said that IT noticed malicious activity in the system on the day of the attack and took immediate action to stop the spread of the malware. The Port of Seattle said the measures taken by its staff, together with forensic experts and law enforcement, were effective in thwarting the attack, since no further unauthorised activity was detected following the breach.

Operational Disruptions

Even with these measures in place, the attack had a great impact on the day-to-day running of Sea-Tac Airport. For several days, passengers could not get arrival and departure flight information from the reader boards. Airlines at the airport could not use their digital systems and had to revert to pen and paper for marking baggage. Critical services such as check-in kiosks, lost and found, Wi-Fi, and reserved parking were affected too, greatly inconveniencing many airline customers and employees.

Its official website, portofseattle.org, is still unavailable, leaving travellers to rely on an alternate website, washingtonports.org, for information and updates. These services have been returning to normal gradually, but the attack affected a number of different parts of airport and port operations across the board.

Port of Seattle Refuses to Pay Ransom

Even at this advanced stage, the Port of Seattle has categorically rejected the attackers' ransom demands. The Port's executive director, Steve Metruck, said in a public statement that paying the ransom would go against the Port's values and would do nothing for its responsibility to protect the money that taxpayers entrust to it. The Port is aware that Rhysida may post all the stolen data on the dark web in retaliation, but it remains committed to not paying any ransom to criminals.

Although the nature and extent of the stolen data remain unknown, the Port has vowed to inform any employee or passenger whose personal data may have been compromised that their data was stolen.

Securing a Brighter Tomorrow

Besides working to recover its systems following the attack, the Port of Seattle has spent the past few months fortifying its defences, taking further actions to strengthen its cybersecurity and prevent similar attacks in future. Metruck says, "This has been a learning experience for us and lessons derived from this attack will be instrumental in building on a more resilient IT infrastructure." Apart from that, the Port is working with partners to secure business and critical infrastructure.

Despite the hold-up caused by the attack, Port of Seattle officials assured the public that it is still safe to travel from Sea-Tac Airport and to make use of its maritime facilities. This shows commitment to maintaining the safety and the efficiency of its operations, including response and continued recovery.




Hackers Steal 6 Terabytes Data, Sells on Dark Web

The City of Columbus faces a major cybersecurity threat after the hacking group Rhysida claimed to have stolen a massive 6.5 terabytes of sensitive information. The data heist followed a ransomware attack on July 18 that forced the city to shut down various online operations.

Ransomware attack 

Mayor Andrew Ginther acknowledged the attack but didn’t disclose the group or the type of data compromised, saying only that the attack came from an “established and sophisticated threat actor operating overseas.”

Although the IT department was able to stop the hackers from encrypting the data, the hackers still got most of it. Claiming responsibility for the attack, Rhysida is auctioning the stolen data on a dark web site.

Hackers ask for Bitcoin as ransom

The ransom demand is 30 Bitcoin, which comes to around $1.9 million. The data for sale includes databases and city video camera access. The hackers promise buyers full ownership, and reselling is not allowed. In earlier attacks, if Rhysida couldn't find a buyer, they just leaked the data publicly. 

The mayor’s office is currently silent about the ongoing investigation. However, it has taken measures to protect impacted employees by providing Experian credit monitoring services. The safety step extends to the whole city, judge employees, and the Franklin County Municipal Court clerk.

The mayor stressed that the threat actors’ main goal was to churn out as much money as possible, and the city is improving its cybersecurity infrastructure to avoid future attacks.

Use of Double Extortion 

According to experts, Rhysida’s action aligns with a strategy called “double extortion.” It suggests the threat actors exfiltrated the sensitive data before starting the encryption process. Even though the city stopped the encryption, Rhysida may still have important data. However, experts also said that Rhysida has a history of exaggerating the volume of stolen data it claims to hold.

At present, the city is working to limit the crisis, while Columbus residents await more updates and hope for a resolution that protects their sensitive data.

“Even before the auction, some city employees were already falling victim to compromised data. Brian Steel, president of the local branch of the Fraternal Order of Police, confirmed to NBC4 that at least 12 Columbus police officers had their bank accounts hacked. However, there’s no evidence to connect this as a direct symptom of Rhysida’s attack,” reports NBC4. 

Singing River Health System Suffers Major Data Breach, 895,000 Impacted

 


A ransomware attack that took place in August 2023 is now estimated to have affected 895,204 people within the Singing River Health System. The Singing River Health System operates three hospitals in Mississippi, one in Pascagoula, one in Ocean Springs, and one in Gulfport, which collectively provide over 700 beds to its patients. It is one of the largest healthcare providers in Mississippi. It employs a total of 3,500 people, and it also operates two hospices, four pharmacies, six imaging centres, ten speciality centres, and twelve medical clinics throughout the Gulf Coast region. 

The impacted hospitals were experiencing major IT system outages for several services, including laboratory testing and radiology testing. At the time, Singing River said it was working to process all paper-ordered lab tests and radiology exams as quickly as possible, depending on the priority of the exam. It was revealed by the healthcare organization on September 13, 2023, that a data breach had taken place, and in December 2023 the organization announced that 252,890 individuals were affected by the incident. 

According to a new update shared by the Maine Attorney General, the company reported that 895,204 people were affected by the incident. An August 31, 2023, disclosure from the healthcare system was the first time it reported the breach. As of the time of this writing, the US Department of Health and Human Services (HHS) Office for Civil Rights has been informed of the breach as impacting at least 501 individuals. 

The number will be determined once internal and external investigations have been completed. It has been confirmed that the data exposed to the public is a combination of full names, dates of birth, physical addresses, Social Security Numbers (SSNs), medical information, and health information, according to the latest information in the data breach report and on the organization's website. Singing River assured everyone that despite these issues, they have yet to find evidence that the threat actors were using the data to commit identity fraud or theft. 

It is also worth noting that the company is offering two years of credit monitoring and identity restoration services to those who may be affected. A ransomware group known as Rhysida has been reported as responsible for the attack, making it one of the most serious cybercriminal groups targeting healthcare providers. Approximately 80% of the data that the threat actors claim to have taken from Singing River has been exposed thus far, comprising a catalogue of 420,766 files totalling 754 GB in size.

Threat actors will no doubt take advantage of the stolen data for other illicit activities, such as phishing, if it includes details that provide additional information. For this reason, recipients of the free identity restoration and monitoring services provided by the Federal Trade Commission are recommended to apply for them immediately to avoid becoming victims of such campaigns.

A ransomware gang known as Rhysida was responsible for the attack, as well as for attacks on other healthcare systems including Prospect Medical Holdings and Lurie Children's Hospital. According to the Health Sector Cybersecurity Coordination Center at HHS, the group has in the past targeted educational institutions, the manufacturing industry, and the Chilean army, as well as numerous other institutions.

IDX recommends that impacted individuals enrol in IDX's services as soon as possible, act with caution when responding to unsolicited communications, monitor all accounts for suspicious activity, and consider placing a security freeze on their credit reports to protect themselves. Threat actors are increasingly attracted to the healthcare sector because of its data holdings and the importance of that data to a community or country, which makes it a highly attractive target for data breach attacks.

In a cyberattack that occurred last week, DocGo, a provider of mobile medical services, was compromised. For individuals impacted by the SRHS breach, IDX identity theft protection is offering twelve months of free, round-the-clock credit monitoring. Moreover, the company offers guidance on how to prevent identity theft and fraud, which includes steps for reporting suspicious incidents, as well as placing fraud alerts or security freezes on the credit record to protect the information.

As well as that, they will be providing information on how users can protect themselves from tax fraud, how to contact consumer reporting agencies, and how to get a free credit report. A report by the Singing River Health System has reviewed the account statements of individuals impacted by the breach and recommended that they monitor their credit reports and account statements closely. 

In the wake of a recent ransomware attack on the Singing River Health System, which resulted in the theft of data belonging to 895,000 individuals, authorities are urging affected persons to take immediate action. It is strongly recommended that anyone who suspects they may be a victim of identity theft or fraud report these incidents to the appropriate authorities without delay. 

Key organizations to contact include the Federal Trade Commission (FTC), which handles consumer complaints and can guide users in protecting their identity. Additionally, individuals should reach out to their state's Attorney General's office, which often has resources and support for victims of identity theft. Reporting the incident to local law enforcement is also crucial, as it helps authorities track and investigate such crimes. By taking these steps, individuals can not only protect themselves from further harm but also assist in the broader effort to combat cybercrime and bring those responsible to justice.

Rhysida: The New Ransomware Group Behind British Library Cyberattack


This week, the ransomware group Rhysida claimed responsibility for last month's attack on the British Library, in which the library’s personal data was compromised and later sold on online forums.

While the name of the threat actors is new to the list, the tactic remains conventional. Ransomware gangs use malware to infect computers within an organization, making the contents unreadable. They then demand payment, usually in Bitcoin, to unlock the files.

In recent years, however, ‘double extortion’ has become the prevailing tactic, in which a majority of ransomware groups also steal the data and threaten to leak it online.

This week, Rhysida uploaded low-quality pictures of the personal data obtained during the attack to the internet. On its leak site, Rhysida threatened to sell the stolen information for a starting price of 20 bitcoin, or almost £590,000.

According to Rafe Pilling, director of threat research at cybersecurity firm Secureworks, this is “a classic example of a double extortion ransomware attack and they are using the threat of leaking or selling stolen data as leverage to extort a payment.”

While the British Library is the current high-profile victim of the ransomware gang, Rhysida has also notably attacked government institutions in Portugal, Chile and Kuwait. In August, the group also claimed responsibility for attacking the US hospital group Prospect Medical Holdings.

In response to these emerging cases, US government agencies have released an advisory note on Rhysida, stating that the “threat actors leveraging Rhysida ransomware are known to impact ‘targets of opportunity,’ including victims in the education, healthcare, manufacturing, information technology, and government sectors.”

The advisory noted that the Rhysida gang has been running a “ransomware as a service” (RaaS) operation, in which it supplies malware to threat actors and shares any ransom proceeds.

Rhysida Ransomware Group

Although Rhysida’s name is relatively new to the public, according to US cybersecurity firm Secureworks, the group first came to light in 2021. Secureworks refers to the group as Gold Victor, noting that it runs a ransomware scheme called Vice Society. 

While the Rhysida gang's precise identity is unknown, Pilling assumes that it adheres to a pattern of comparable operators who are typically from Russia or the Commonwealth of Independent States, which is made up of Kazakhstan, Belarus, and Russia.

“I would assume that they are probably Russian-speaking but we don’t have any hard evidence,” said Pilling.

The US agencies claim that groups using the Rhysida ransomware have gained access to systems through virtual private networks (VPNs), generally used by staff to access their employers' systems from distant locations. They have also used the well-known tactic of phishing attacks, in which victims are duped, typically through email, into clicking on a link that downloads malicious software or divulges personal information like passwords.

After gaining access, the gang continues to lurk in the system for a while, trying to evade detection. According to Secureworks, compared with 2022, this dwell time has now been significantly reduced to less than 24 hours for cybercrime groups.

The US agencies further note that, like other members of the criminal hacking community, Rhysida attackers frequently seek cryptocurrencies as payment for their extortion. Ransomware gangs are drawn to digital assets like Bitcoin because they are decentralized, meaning they operate outside of traditional financial systems and avoid routine checks. Additionally, transactions can be hidden, making them more challenging to follow.  

British Library Staff Passports Leaked Online, Hackers Demand £600,000 Ransom


In a ransomware attack, British Library staff passports have been leaked online, and the threat actors are demanding a ransom of £600,000 (to be paid in Bitcoin) in order to retrieve the stolen documents.

Responsibility for the attack has been claimed by the ransomware gang Rhysida. The group has listed the library as its victim on its darknet forum, where it has leaked low-resolution snippets of the stolen information. The gang is offering to auction the rest of the information for 20 Bitcoin, or about £600,000, to the highest bidder.

As a result of the attacks, the library’s operations have been disrupted for weeks. The stolen data includes images of passport photos and HMRC employment records. 

On the darknet website, the listing for the British Library reads, “With just seven days on the clock, seize the opportunity to bid on exclusive, unique and impressive data. Open your wallets and be ready to buy exclusive data.”

The listing appeared on the website on Monday, with the group demanding that the ransom be paid by November 27.

Emsisoft threat analyst Brett Callow says that the data “auction” was effectively a “continuation of the extortion attempt” by the gang.

British Library Cyber Attack

The cyberattack on the British Library started in late October, where the attackers stole large chunks of the library’s website. 

Staff at the archive's St Pancras location have been compelled by the disruption to disable the public Wi-Fi and only accept cash payments for some transactions.

The British Library released the following statement on Monday: “We are aware that some data has been exposed, after confirmation last week that this was a ransomware attack. It looks like these are from our own HR records.”

“We have no evidence that data of our users has been compromised.”

The National Cyber Security Centre (NCSC), which is affiliated with GCHQ, and the Metropolitan Police are collaborating with the library to strengthen its IT infrastructure and carry out a forensic examination.

Sir Roly Keating, chief executive of the British Library, said: “We are immensely grateful to our many users and partners who have shown such patience and support as we work to analyse the impact of this criminal attack and identify what we need to do to restore our online systems in a safe and sustainable manner.”  

Ransomware Vendetta: Rhysida Group Strikes Prospect Medical, Warns of Auctioning Stolen Data

 


Rhysida, an ever-evolving ransomware group, is claimed to be responsible for the recent cyberattack on Prospect Medical Holdings, in which hospitals and medical facilities in four states were attacked. As a result, Prospect Medical Holdings was forced to take its systems down earlier this month.

The Prospect Health Group operates 16 hospitals in California, Connecticut, Pennsylvania, and Rhode Island, as well as more than 165 clinics and outpatient facilities throughout these states. According to Callow, many US healthcare systems have been affected by ransomware this year, infecting at least 53 hospitals under their control, and at least 20 of these organizations have had their data stolen as a result of the attack. 

The Department of Health and Human Services issued an alert earlier this month to warn people about Rhysida, a ransomware-as-a-service group that first arose in mid-May. The group is currently in its infancy and does not have some advanced features such as plaintext strings that reveal registry modification commands.

Rhysida has carried out major attacks on organizations in several sectors, including education, government, manufacturing, technology, and managed service providers. As part of its ongoing data leak investigation, the Federal Bureau of Investigation has revealed that most of the data stolen from eleven victims was uploaded to the threat actor's data leak site between June and the beginning of August.

As a result of a cyberattack launched by the Rhysida ransomware group on Prospect Medical Holdings, the group claims to have gained access to 500,000 social security numbers, confidential corporate records, and patient records from the company. 

A ransom note was reportedly displayed on employee screens the day after the attack, warning that their network had been compromised and their devices had been encrypted as a result of the attack, which was believed to have occurred on August 3rd. 

Rhysida claims to hold more than one terabyte of stolen data, along with an SQL database containing more than 1.3 terabytes of data. In its listing on the dark web, the group offered to sell the data for 50 bitcoin, which would equate to roughly $1.3 million.

BleepingComputer later found out that the Rhysida ransomware gang was behind the attack even though PMH did not respond to questions about the security incident. According to current reports, PMH hospital networks, including CharterCare, have been able to successfully restore the functionality of the hospital networks' systems. However, efforts remain ongoing to make sure that patient records are reinstated as soon as possible. 

Earlier this month, the Department of Health and Human Services (HHS) warned that the hacker group Rhysida seemed to be responsible for recent attacks against healthcare organizations, with a claim of responsibility for the attack on Prospect Medical. Described by the Department of Health and Human Services (HHS) as a new ransomware-as-a-service (RaaS) group, Rhysida has emerged since May 2023. 

An HHS official said the group uses phishing attacks and Cobalt Strike to breach its targets' networks and plant its malicious payloads on them. If the victim does not pay the ransom, the group threatens to release all of the data that has been exfiltrated. HHS has indicated that Rhysida is still in its infancy and has developed limited advanced features, as evidenced by its name, Rhysida-0.1.

According to the report, the ransomware also leaves PDF notes in the affected folders instructing victims to contact the group through its portal and pay in Bitcoin. Rhysida's victims are spread across numerous countries in Western Europe, North and South America, and Australia.

The group primarily attacks the education, government, manufacturing, technology, and managed services industries. As exemplified by the attack on PMH, it has recently attacked the healthcare and public health sectors, with a significant impact on the healthcare industry. There have been several ransomware gangs who have claimed credit for attacks in the past, including Rhysida, said Emily Phelps, director at Cyware.

Rhysida Ransomware Group: Social Security Numbers, Passport Data Compromised in Recent Hospital Attack


On Thursday, the Rhysida ransomware gang confirmed that it was behind the recent cyberattack on Prospect Medical Holdings, according to a dark web listing reviewed by Axios.

The ransomware gang apparently stole more than 500,000 Social Security numbers and copies of the company’s employees’ driving licenses and passports. Other legal and financial documents are also said to be compromised.

Prospect Medical Holdings—currently operating 16 hospitals spread across four U.S. states—confirms that the ransomware attack was launched earlier this month, because of which they have been facing issues in their online operations.

Moreover, several elective surgeries, outpatient appointments, blood drives and other services have been put on hold owing to the attack.

According to a Prospect spokesperson, the company was unable to comment on the suspected data leak due to "the sensitivity of the incident and law enforcement involvement."

"Prospect Medical continues to work around-the-clock to recover critical systems and restore their integrity[…]We are making significant progress. Some operational systems have been fully restored and we are in the process of bringing others online," the spokesperson said. 

Rhysida Ransomware Group 

Rhysida confirmed Prospect as one of its victims on its dark web site this Thursday, stating that it had taken 1.3 terabytes of SQL data and 1 terabyte of "unique" files.

If the ransom demands are not fulfilled, the ransomware group has threatened to expose its victims’ names on its site.

Rhysida, in a listing, says that it will auction off "more than 500,000 SNNs, passports of their clients and employees, driver's licenses, patient files (profile, medical history), financial and legal documents!!!"

The auction apparently ends in nine days, with 50 Bitcoins as ransom, per the listing.

Rhysida first came to light in May; however, government officials and cybersecurity professionals say they already knew about the group, following instances of it targeting critical infrastructure organizations in recent months.

The Department of Health and Human Services (HHS) also published an advisory about the group, since Rhysida’s prime targets included organizations in the health and public health sector. It further noted that Rhysida’s victims also included firms in the education and manufacturing sectors.

HHS has advised organizations to patch known security flaws present in their systems and install data back-ups in case they are taken offline. Moreover, they recommended phishing awareness training programs for employees.