Ransomware Gang, SunCrypt, Runs Off With $670K by Threatening New Jersey Hospital With Data Leak


In early September 2020, a ransomware gang known as SunCrypt threatened a Newark, New Jersey, hospital with the publication of 240GB of patient information and other sensitive data, and walked away with $670,000. The SunCrypt group operates by infiltrating networks, stealing extremely sensitive unencrypted files, and then encrypting the data before ransoming it for money. The SunCrypt gang publicly posted 48,000 documents that belonged to the University Hospital of New Jersey (UHNJ) in Newark. A delegate for the hospital contacted the group to negotiate over the publishing of additional patient data.

UHNJ did not protect patient data

A conversation between the ransomware cybercriminals and the hospital, intercepted by BleepingComputer, shows a strange ransom negotiation. Once a sample of the stolen data was published on SunCrypt’s site, the hospital contacted the group through its Tor payment website, where a $1.7 million ransom was demanded in exchange for not releasing additional sensitive data. The cybercriminals graciously told the hospital representative that, due to the current COVID-19 situation, the ransom amount was negotiable.

Since UHNJ only had two encrypted servers, it was incredibly concerned about the release of patient data and was willing to pay the ransom to prevent it. It is unclear what information the stolen files contained, but the ransomware gang claimed to hold incredibly private information such as Social Security numbers, ID scans, dates of birth, and illness types.

After negotiations, the hospital agreed to pay the settled ransom of 61.90 bitcoins (around $672,000 at the time of the request), so the hospital forwarded the money to a specific web address. On September 19, the bitcoin blockchain logged a transfer of 61.9 bitcoins to the cybercriminals’ address. After the transaction was finalized, the ransomware gang told the UHNJ delegate that the hospital did a great job. As part of the negotiation, SunCrypt agreed to provide a security report, all stolen data, and an agreement to not attack UHNJ again or disclose any of the stolen data.

The security report from the cybercriminals noted that they were able to access the data files after the network was compromised: an employee fell for a phishing scam that sent network credentials to the group. The cybercriminals then logged in to UHNJ’s Citrix server, through which they gained network access and could steal the files.

SunCrypt’s post-negotiation response

In conversations with ransomware operators SunCrypt, DoppelPaymer, Nefilim, CLOP, and Maze, experts learned that these groups will not target hospitals or health care and medical organizations due to the pandemic. Netwalker, another ransomware gang, was the only organization stating that it would continue to target health care locations.

Protection against data breaches

With only two encrypted servers and hundreds of thousands of data files, the UHNJ network was an inevitable target for a data breach. If a hospital can be attacked by ransomware, then any business in any industry across the globe is susceptible. Luckily, there is a solution – managed information technology services.

These services are designed to protect all information on your network through third-party monitoring and management. TREYSTA is one such firm: it offers affordable managed IT services and provides highly skilled virtual IT professionals to manage technology. Because the firm focuses on limiting or eliminating exposure to cyber threats, it utilizes the latest technology to block cybercriminals from any network.

TREYSTA’s managed IT team consists of specialized technology experts in a variety of fields, including a client technology manager with support staff who can solve all IT problems, a virtual chief information officer to help with technology planning, and a help desk for basic questions or to report issues. TREYSTA uses remote monitoring and management software to monitor network issues like the problems faced by UHNJ. The firm also utilizes a network analysis and discovery tool to provide an entire overview of your network. Finally, TREYSTA has professional services automation software that allows you to track service tickets and view work reports.

Ensuring your network is protected is critical, especially in industries where sensitive patient data is received, stored, transferred and accessed. Instead of taking the same chance as UHNJ, get protected today with managed IT services from TREYSTA!


TREYSTA is a local business in operation since 1995 with two locations, York and an expanded location in Gettysburg. In September of 2019, TREYSTA was pleased to announce that John George, previously the VP Sales and Marketing, had been promoted to President of the company. John has over 20 years of experience in the IT Services industry. TREYSTA, recognized on the esteemed worldwide MSP 501 list, is a leading IT management and services business serving South Central PA businesses since 1995. Utilizing cutting edge products and services, TREYSTA is committed to providing premier IT support so local businesses can focus on obtaining their business objectives.

GIVE US A CALL TODAY: (888) 242-0244
