In February, attackers from the Russia-based BlackCat ransomware group hit a physician practice in Lackawanna County, Pennsylvania, that is part of the Lehigh Valley Health Network (LVHN). At the time, LVHN said that the attack “involved” a patient photo system related to radiation oncology treatment. The health care group said that BlackCat had issued a ransom demand, “but LVHN refused to pay this criminal enterprise.”
After a few weeks, BlackCat threatened to publish data stolen from the system. “Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business,” BlackCat wrote on their dark-web extortion site. “Your time is running out. We’re ready to unleash our full power on you!” The attackers then released three screenshots of cancer patients receiving radiation treatment and seven documents that included patient information.
The medical photos are graphic and intimate, depicting patients’ naked breasts in various angles and positions. And while hospitals and health care facilities have long been a favorite target of ransomware gangs, researchers say the situation at LVHN may indicate a shift in attackers’ desperation and willingness to go to ruthless extremes as ransomware targets increasingly refuse to pay.
“As fewer victims pay the ransom, ransomware actors are getting more aggressive in their extortion methods,” says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. “I think we’ll see more of that. It follows closely patterns in kidnapping cases, where when victims’ families refused to pay, the abductors might send an ear or other body part of the victim.”
Researchers say that another example of these brutal escalations came on Tuesday when the emerging ransomware gang Medusa published sample data stolen from Minneapolis Public Schools in a February attack that came with a $1 million ransom demand. The leaked screenshots include scans of handwritten notes that describe allegations of a sexual assault and the names of a male student and two female students involved in the incident.
“Please note, MPS has not paid a ransom,” the Minnesota school district said in a statement at the beginning of March. The school district enrolls more than 36,000 students, but the data apparently contains records related to students, staff, and parents dating back to 1995. This week, Medusa posted a 50-minute-long video in which attackers appeared to scroll through and review all the data they stole from the school, an unusual technique for advertising exactly what information they currently hold. Medusa offers three buttons on its dark-web site: one for anyone to pay $1 million to buy the stolen MPS data, one for the school district itself to pay the ransom and have the stolen data deleted, and one to pay $50,000 to extend the ransom deadline by one day.
“What’s notable here, I think, is that in the past the gangs have always had to strike a balance between pressuring their victims into paying and not doing such heinous, horrible, evil things that victims don’t want to deal with them,” says Brett Callow, a threat analyst at the antivirus company Emsisoft. “But because targets aren’t paying as often, the gangs are now pushing harder. It's bad PR to have a ransomware attack, but not as horrible as it once was—and it's really bad PR to be seen paying an organization that does horrible, heinous things.”