
University Hospital New Jersey paid a ransom of $670,000 this month to prevent the publishing of 240 GB of stolen data, including patient info.


University Hospital, established in 1994, is a state-owned independent teaching hospital with over 3,500 employees.

The attack was carried out in early September by a ransomware gang known as SunCrypt.

After the SunCrypt operators publicly posted an archive of 48,000 UHNJ documents, a representative of the hospital contacted the threat actors via their dark web payment portal to negotiate a stop to any further publication of patient data.

UHNJ was more concerned about the release of patient data and was willing to pay a ransom to prevent any further release, as only two of its servers had been encrypted.

The hospital contacted the ransomware operators via their Tor payment site, and the initial demand was $1.7 million. The threat actors were open to negotiating the ransom “due to COVID-19 situation.”

On September 19, the two parties agreed on a ransom of $672,744, approximately 61.90 Bitcoins.

SunCrypt ransomware operators gave University Hospital New Jersey a decryptor, a security report, the stolen data and an agreement not to reveal any stolen data or attack UHNJ again.

“The data leak includes patient information release authorisation forms, copies of driving licenses, Social Security Numbers (SSNs), date of birth (DOB), and records about the Board of Directors,” reported BleepingComputer.

According to the security reports received by UHNJ, the entry point was a phishing email that tricked an employee into providing their network credentials. The ransomware operators used these stolen credentials to gain access to the network by logging in to UHNJ’s Citrix server.

The SunCrypt ransomware operators told Dissent Doe in a conversation that they would no longer target healthcare organizations.

"We don’t play with people’s lives. And no further attacks will be carried against medical organizations even in this soft way," SunCrypt told databreaches.net.

Unfortunately, this comes too late for UHNJ.

SunCrypt first emerged on the threat landscape in October 2019. Its operators infiltrate a network, steal unencrypted files and then encrypt all of the data.
