Ransomware Gang Runs Off With $670K by Threatening New Jersey Hospital With Data Leak


In early September 2020, a ransomware gang known as SunCrypt threatened to publish 240GB of patient information and other sensitive data taken from a Newark, New Jersey, hospital, and came away with $670,000 in return. The SunCrypt group operates by infiltrating networks, stealing highly sensitive unencrypted files, and then encrypting the data before holding it for ransom. The SunCrypt gang publicly posted 48,000 documents that belonged to the University Hospital of New Jersey (UHNJ) in Newark. A delegate for the hospital then contacted the group to negotiate over the publishing of additional patient data.

UHNJ did not protect patient data

A conversation between the ransomware cybercriminals and the hospital, intercepted by BleepingComputer, shows a strange negotiation of the ransom demand. Once a sample of the stolen data was published on SunCrypt’s site, the hospital contacted the group through its Tor payment website, where a $1.7 million ransom was demanded in exchange for not releasing additional sensitive data. The cybercriminals graciously told the hospital representative that, due to the current COVID-19 situation, the ransom amount was negotiable.

Since UHNJ only had two encrypted servers, it was incredibly concerned about patient data being released and was willing to pay the ransom to prevent that. It is unclear what information the stolen files contained, but the ransomware gang claimed to have incredibly private information such as Social Security numbers, ID scans, dates of birth, and illness types.

After negotiations, the hospital agreed to pay the settled ransom of 61.90 bitcoins (around $672,000 at the time of the request) and forwarded the money to a specific web address. On September 19, the bitcoin blockchain logged a transfer of 61.9 bitcoins to the cybercriminals’ address. After the transaction was finalized, the ransomware gang told the UHNJ delegate that the hospital did a great job. As part of the negotiation, SunCrypt agreed to provide a security report and all stolen data, and to not attack UHNJ again or disclose any of the stolen data.

The security report from the cybercriminals noted that they were able to access the data files after the network was compromised: an employee fell for a phishing scam that sent network credentials to the group. The cybercriminals then logged in to UHNJ’s Citrix server, through which they gained network access and could steal the files.

SunCrypt’s post-negotiation response

In conversations with ransomware operators SunCrypt, DoppelPaymer, Nefilim, CLOP, and Maze, experts learned that these groups will not target hospitals or health care and medical organizations due to the pandemic. Netwalker, another ransomware gang, was the only organization stating that it would continue to target health care locations.

Protection against data breaches

With only two encrypted servers and hundreds of thousands of data files, the UHNJ network was an inevitable target for a data breach. If a hospital can be attacked by ransomware, then any business in any industry across the globe is susceptible. Luckily, there is a solution – managed information technology services.

This service is designed to protect all information on your network through third-party monitoring and management. TREYSTA is one such firm, offering affordable managed IT services delivered by highly skilled virtual IT professionals who manage your technology. Because the firm focuses on limiting or eliminating exposure to cyber threats, it uses the latest technology to block cybercriminals from any network.

TREYSTA’s managed IT team consists of specialized technology experts in a variety of fields, including a client technology manager with support staff who can solve all IT problems, a virtual chief information officer to help with technology planning, and a help desk for basic questions or to report issues. TREYSTA uses remote monitoring and management software to monitor network issues like the problems faced by UHNJ. The firm also utilizes a network analysis and discovery tool to provide an entire overview of your network. Finally, TREYSTA has professional services automation software that allows you to track service tickets and view work reports.

Ensuring your network is protected is critical, especially in industries where sensitive patient data is received, stored, transferred and accessed. Instead of taking the same chance as UHNJ, get protected today with managed IT services from TREYSTA!
