Black Bear MSSP Blog Spot

RansomHub Strikes Again

Written by Michael Cullen | Sep 18, 2024 10:31:30 AM


RansomHub Strikes Again: Two High-Profile Targets Fall Victim to Sophisticated Ransomware Attack

From the Desk of Black Bear MSSP

In recent weeks, two prominent institutions have fallen prey to devastating ransomware attacks carried out by the notorious group RansomHub. Millinocket Regional Hospital in Maine and Cardiology of Virginia are the latest casualties in a growing list of high-profile targets that have been exploited by this sophisticated threat actor.
 
Millinocket Regional Hospital: A Critical Access Hospital with Sensitive Data at Risk
 
On July 26, 2024, Millinocket Regional Hospital was targeted by RansomHub, which claimed to have exfiltrated 10 GB of sensitive data from the hospital's systems. The attackers' primary vector is believed to be phishing emails or the exploitation of unpatched software vulnerabilities.
 
The compromised data includes:
 
Names
Addresses
Social Security numbers
Medical treatments
Health insurance information
 
Cardiology of Virginia: A Target for RansomHub's Sophisticated Approach
 
In a separate incident, Cardiology of Virginia was hit by RansomHub in September 2024. The exact threat vector used is still unknown, but the attack suggests that the group has refined its tactics to bypass traditional security measures.
 
The compromised data includes:
 
Client information (no further details available)
 
What Can Patients Do If They Suspect Their Personal Information Was Compromised?
 
If you suspect your personal information was compromised in either of these incidents, it's essential to take immediate action. Here are some steps you can follow:
 
Monitor Your Credit Reports: Keep a close eye on your credit reports and statements for any suspicious activity.

Contact the Hospital or Cardiology Clinic: Reach out to Millinocket Regional Hospital or Cardiology of Virginia directly to inquire about the status of their investigation and what steps they are taking to protect patient data.

Report Any Incidents: If you notice any unusual transactions or discrepancies on your accounts, report them to the relevant authorities immediately.
 
The Growing Threat of RansomHub: What We Know So Far
 
RansomHub is a relatively new ransomware group believed to have roots in Russia. They operate as a Ransomware-as-a-Service (RaaS) group, where affiliates receive 80% of the ransom paid by victims, while the group takes 20%. This business model makes it more challenging for law enforcement and cybersecurity experts to track down the perpetrators.
 
Stay informed, stay safe!