The King Edward VII’s Hospital hack is the latest addition to the Rhysida ransomware group’s victim list, following a rampage that has lasted the past few months. This London-based private healthcare institution in the Marylebone district has maintained a reputation for medical excellence since its establishment in 1899 by the Prince of Wales, later known as King Edward VII.
Unfortunately, the Rhysida group, notorious for its malicious activities since May 2023, announced that it has successfully breached the hospital’s digital infrastructure. The hackers have included King Edward VII’s Hospital in the growing list of victims on their Tor leak site. That site has consistently added new victims recently, making Rhysida one of the most active ransomware groups this year.
Rhysida Ransomware published images of stolen sample data to prove their participation in the King Edward VII’s Hospital hack.
As evidence of their activity in the King Edward VII’s Hospital hack, the Rhysida ransomware group published images of stolen documents on their leak site. Among the leaked data were sensitive medical reports, registration forms, x-rays, medical prescriptions, and a trove of data impacting patients and employees, including members of the Royal Family.
In addition, the hackers claim to possess a substantial amount of “sensitive data” and have initiated an auction for its release, demanding a ransom of 10 BTC. Following their modus operandi, the Rhysida group intends to sell the stolen data to a single bidder, with a public release of the information scheduled seven days after the announcement.
King Edward VII’s Hospital is not the sole victim of the Rhysida group’s rampage. The British Library and China Energy Engineering Corporation recently fell prey to their cybercriminal activities. These attacks show that the group is not picky with its targets, as it has been attacking various sectors.
In response to the escalating threat, the FBI and CISA issued a joint Cybersecurity Advisory as part of an ongoing effort. The advisory highlights the tactics, techniques, and procedures employed by the Rhysida group, including exploiting Microsoft’s Netlogon Remote Protocol and using living-off-the-land strategies, and identifies IoCs associated with their attacks.
Organisations should be wary of the Rhysida group, which has been very active. They should adopt the advice the federal law enforcement agencies gave, since Rhysida has proven to be one of the most dangerous groups in the wild today.