fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New Jersey Hospital Paid Ransomware Gang $670K To Prevent Data Leak

New Jersey Hospital Paid Ransomware Gang $670K To Prevent Data Leak

University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info.

The attack on the hospital occurred in early September by a ransomware operation known as SunCrypt, who infiltrates a network, steals unencrypted files, and then encrypts all of the data.

After the SunCrypt operators publicly posted an archive of 48,000 documents belonging to UHNJ, a representative of the hospital contacted the threat actors via their dark web payment portal to negotiate the stopping of any further publishing of patient data.

Paid to protect their patients’ data

In a conversation seen by BleepingComputer between the hospital and the ransomware operators, we get a glimpse into the strangely cordial negotiation of a criminal ransom demand.

After a sample of the hospital’s private stolen data was published on SunCrypt’s data leak site, the hospital contacted the threat actors via their Tor payment site, where they were told that the ransom was $1.7 million. The attackers told them that this ransom, though, “is negotiable due to COVID-19 situation.”

As UHNJ only had two servers encrypted, they were more concerned about the releasing of patient’s data and were willing to pay a ransom to prevent it from being released any further.

“We want to prevent any further leakage of our data and that is why we are here talking with you,” UHNJ told the ransomware operator.

It is not entirely clear what information was contained in the stolen files, but the ransomware operators claimed to have “ID scans, DOB, SSN, illness type.”

After a series of back-and-forth negotiations, they agreed to a ransom of $672,744, or 61.90 bitcoins, and the hospital sent a payment to the given bitcoin address.

The bitcoin blockchain shows that 61.9 bitcoins were sent to the ransomware operation’s bitcoin address on September 19th.

After negotiations were completed, the ransomware operator told UHNJ, “You did a great job too. Our management owes us.”

As part of the negotiations, the ransomware operators agreed to provide a decryptor, all stolen data, a security report, and an agreement not to disclose any stolen data or attack UHNJ again.

According to the security report received by UHNJ, their network was compromised after an employee fell for a phishing scam and provided their network credentials.

Also Read: 4 Easy Guides To Data Breach Assessment

The ransomware operators then used these stolen network credentials to log in to UHNJ’s Citrix server and gain access to the network.

BleepingComputer has contacted UHNJ via phone and email for comment before publishing this article but did not receive a response.

SunCrypt states they will no longer target hospitals

In March, as the Coronavirus pandemic was surging worldwide, BleepingComputer contacted different ransomware operations to see if they would attack healthcare and medical organizations.

The CLOP, DoppelPaymer, Maze, and Nefilim ransomware operators stated that they would not target hospitals and decrypt for free any encrypted by mistake.

Netwalker ransomware was the only one who responded that any organization, including an encrypted hospital, would have to pay.

Data breach journalist ‘Dissent Doe’ of Databreaches.net recently reported that they contacted SunCrypt after noticing UHNJ’s data was removed from the ransomware data leak site.

In a conversation, the SunCrypt ransomware operators told Dissent Doe that they would no longer target healthcare organizations.

“We don’t play with people’s lives.  And no further attacks will be carried against medical organizations even in this soft way,” SunCrypt told databreaches.net.

Unfortunately, this comes too late for UHNJ.

Also Read: Privacy Policy Template Important Tips For Your Business

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us