HQ/EMEAFind out how we can help your business
Barts Health NHS Trust employees have spent a week wondering if the BlackCat ransomware group has stolen their employer’s IT systems. Moreover, the concerns increased after the ransomware group threatened the company that they would expose the alleged stolen data.
However, the group has already leaked some of the workers’ personally identifiable information to prove the legitimacy of their attack. The exposed proof also included CVs, financial details, driver’s licenses, and passports.
It is currently unclear how much patient or medical data is compromised during the attack. This potential cybercriminal threat could have a massive impact on everyone since Barts manages five hospitals and claims to serve nearly 2.5 million individuals.
The BlackCat group continues to terrorise healthcare entities and their data.
According to the initial investigation, the notorious BlackCat ransomware group claims responsibility for the attack against the healthcare entity. They have been rampaging, scouring, and harvesting sensitive data from this sector.
Researchers noted that BlackCat is directly affiliated with Russia’s DarkSide cybercriminal organisation. The group adopts a so-called triple extortion operation for their campaigns. During its early days, the ALPHV group offered its service as a ransomware-as-a-service that allowed other actors to rent their malware to attack devices, encrypt files, and require ransom in exchange for complete restoration.
However, the BlackCat ransomware group became famous after employing a double extortion tactic in their recent operations. The group’s strategy is to steal a target’s data and threaten to expose the information unless the victim provides payment.
In the incident that compromised the Barts NHS Trust in London, the attackers might have stolen as much as seven terabytes of data. These miscreants threatened the entity that they would release on June 30 unless the affected entity provided the payment. Unfortunately, the deadline has expired.
The threat actors might have skipped the ransomware encryption stage of the attack and gone straight to stealing the data. Fortunately, Barts Hospital has yet to record any misuse of the stolen data, and no one has experienced disruption because of the attack.
Experts believe the empty threats and the invasion could have been a simple heist of non-significant information.
