
RansomHub Strikes Again

 

 

 

๐—ฅ๐—ฎ๐—ป๐˜€๐—ผ๐—บ๐—›๐˜‚๐—ฏ ๐—ฆ๐˜๐—ฟ๐—ถ๐—ธ๐—ฒ๐˜€ ๐—”๐—ด๐—ฎ๐—ถ๐—ป: ๐—ง๐˜„๐—ผ ๐—›๐—ถ๐—ด๐—ต-๐—ฃ๐—ฟ๐—ผ๐—ณ๐—ถ๐—น๐—ฒ ๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜๐˜€ ๐—™๐—ฎ๐—น๐—น ๐—ฉ๐—ถ๐—ฐ๐˜๐—ถ๐—บ ๐˜๐—ผ ๐—ฆ๐—ผ๐—ฝ๐—ต๐—ถ๐˜€๐˜๐—ถ๐—ฐ๐—ฎ๐˜๐—ฒ๐—ฑ ๐—ฅ๐—ฎ๐—ป๐˜€๐—ผ๐—บ๐˜„๐—ฎ๐—ฟ๐—ฒ ๐—”๐˜๐˜๐—ฎ๐—ฐ๐—ธ

From the Desk of Black Bear MSSP

In recent weeks, two prominent institutions have fallen prey to a devastating ransomware attack carried out by the notorious group, RansomHub. Millinocket Regional Hospital in Maine and Cardiology of Virginia are the latest casualties in a growing list of high-profile targets that have been exploited by this sophisticated threat actor.
 
๐— ๐—ถ๐—น๐—น๐—ถ๐—ป๐—ผ๐—ฐ๐—ธ๐—ฒ๐˜ ๐—ฅ๐—ฒ๐—ด๐—ถ๐—ผ๐—ป๐—ฎ๐—น ๐—›๐—ผ๐˜€๐—ฝ๐—ถ๐˜๐—ฎ๐—น: ๐—” ๐—–๐—ฟ๐—ถ๐˜๐—ถ๐—ฐ๐—ฎ๐—น ๐—”๐—ฐ๐—ฐ๐—ฒ๐˜€๐˜€ ๐—›๐—ผ๐˜€๐—ฝ๐—ถ๐˜๐—ฎ๐—น ๐˜„๐—ถ๐˜๐—ต ๐—ฆ๐—ฒ๐—ป๐˜€๐—ถ๐˜๐—ถ๐˜ƒ๐—ฒ ๐——๐—ฎ๐˜๐—ฎ ๐—ฎ๐˜ ๐—ฅ๐—ถ๐˜€๐—ธ
 
On July 26, 2024, Millinocket Regional Hospital was targeted by RansomHub, which claimed to have exfiltrated 10 GB of sensitive data from the hospital's systems. The attackers' primary vector is believed to be phishing emails or exploitation of unpatched software vulnerabilities.
 
๐—ง๐—ต๐—ฒ ๐—ฐ๐—ผ๐—บ๐—ฝ๐—ฟ๐—ผ๐—บ๐—ถ๐˜€๐—ฒ๐—ฑ ๐—ฑ๐—ฎ๐˜๐—ฎ ๐—ถ๐—ป๐—ฐ๐—น๐˜‚๐—ฑ๐—ฒ๐˜€:
 
Names
Addresses
Social Security numbers
Medical treatments
Health insurance information
 
๐—–๐—ฎ๐—ฟ๐—ฑ๐—ถ๐—ผ๐—น๐—ผ๐—ด๐˜† ๐—ผ๐—ณ ๐—ฉ๐—ถ๐—ฟ๐—ด๐—ถ๐—ป๐—ถ๐—ฎ: ๐—” ๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜ ๐—ณ๐—ผ๐—ฟ ๐—ฅ๐—ฎ๐—ป๐˜€๐—ผ๐—บ๐—›๐˜‚๐—ฏ'๐˜€ ๐—ฆ๐—ผ๐—ฝ๐—ต๐—ถ๐˜€๐˜๐—ถ๐—ฐ๐—ฎ๐˜๐—ฒ๐—ฑ ๐—”๐—ฝ๐—ฝ๐—ฟ๐—ผ๐—ฎ๐—ฐ๐—ต
 
In a separate incident, Cardiology of Virginia was hit by RansomHub in September 2024. The exact threat vector used is still unknown, but the attack suggests that the group has refined its tactics to bypass traditional security measures.
 
๐—ง๐—ต๐—ฒ ๐—ฐ๐—ผ๐—บ๐—ฝ๐—ฟ๐—ผ๐—บ๐—ถ๐˜€๐—ฒ๐—ฑ ๐—ฑ๐—ฎ๐˜๐—ฎ ๐—ถ๐—ป๐—ฐ๐—น๐˜‚๐—ฑ๐—ฒ๐˜€:
 
Client information (no further details available)
 
๐—ช๐—ต๐—ฎ๐˜ ๐—–๐—ฎ๐—ป ๐—ฃ๐—ฎ๐˜๐—ถ๐—ฒ๐—ป๐˜๐˜€ ๐——๐—ผ ๐—œ๐—ณ ๐—ง๐—ต๐—ฒ๐˜† ๐—ฆ๐˜‚๐˜€๐—ฝ๐—ฒ๐—ฐ๐˜ ๐—ง๐—ต๐—ฒ๐—ถ๐—ฟ ๐—ฃ๐—ฒ๐—ฟ๐˜€๐—ผ๐—ป๐—ฎ๐—น ๐—œ๐—ป๐—ณ๐—ผ๐—ฟ๐—บ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐—ช๐—ฎ๐˜€ ๐—–๐—ผ๐—บ๐—ฝ๐—ฟ๐—ผ๐—บ๐—ถ๐˜€๐—ฒ๐—ฑ?
 
If you suspect your personal information was compromised in either of these incidents, it's essential to take immediate action. Here are some steps you can follow:
 
Monitor Your Credit Reports: Keep a close eye on your credit reports and statements for any suspicious activity.

Contact the Hospital or Cardiology Clinic: Reach out to Millinocket Regional Hospital or Cardiology of Virginia directly to inquire about the status of their investigation and what steps they are taking to protect patient data.

Report Any Incidents: If you notice any unusual transactions or discrepancies on your accounts, report them to the relevant authorities immediately.
 
๐—ง๐—ต๐—ฒ ๐—š๐—ฟ๐—ผ๐˜„๐—ถ๐—ป๐—ด ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—ผ๐—ณ ๐—ฅ๐—ฎ๐—ป๐˜€๐—ผ๐—บ๐—›๐˜‚๐—ฏ: ๐—ช๐—ต๐—ฎ๐˜ ๐—ช๐—ฒ ๐—ž๐—ป๐—ผ๐˜„ ๐—ฆ๐—ผ ๐—™๐—ฎ๐—ฟ
 
RansomHub is a relatively new ransomware group believed to have roots in Russia. They operate as a Ransomware-as-a-Service (RaaS) group, where affiliates receive 80% of the ransom paid by victims, while the group takes 20%. This business model makes it more challenging for law enforcement and cybersecurity experts to track down the perpetrators.
 
Stay informed, stay safe!