An Advarra executive fell victim to a SIM swap attack

November 9, 2023

A cybercriminal threat group utilising ransomware executed a SIM swap on an executive working for the Advarra medical research company.

Based on reports, these attackers are threatening to expose stolen data. The company is investigating the breach and has allegedly contained the situation immediately.

The ransomware attackers claim to have obtained data from a company that aids other organisations in conducting medical trials. They accessed an Advarra executive’s work account by hijacking their cellphone number and accounts.

They accomplished this through a SIM swap, transferring the victim’s phone number to a SIM card under their control. Control of the number enabled the actors to acquire one-time authentication codes, change account passwords, and access profiles and documents.

The attackers claimed the incident on a dark web site related to the BlackCat extortion group, stating that they have stolen over 120GB of confidential data related to Advarra’s customers, patients, and employees, past and present. They threatened to leak or sell the stolen information if the company did not comply with their demands. However, it remains unconfirmed whether they have successfully acquired the data.

Advarra insisted that it would not deal with any extortion attempts.

One of the managers at Advarra has contacted the alleged threat actors. Rumours have it that the company was unwilling to pay the ransom demand. On the other hand, the gang’s initial claims on the hacker forum have disappeared, leading to doubts about the legitimacy of the alleged interaction.

However, the current message on the site demands that the company comply within 24 hours, or the exfiltrated data will be made publicly accessible.

Advarra, headquartered in Columbia, Maryland, offers services to organisations involved in medical research and clinical trials. A spokesperson for the company revealed that one of their colleagues fell victim to a compromise of their phone number, which the attacker used to access various accounts, including LinkedIn and their work-related account.

Ransomware groups have different ethical considerations, with some avoiding targeting certain institutions like hospitals, while others, such as BlackCat, display no such empathy.

Healthcare organisations have been frequent targets of cyberattacks due to the sensitive nature of their data and the likelihood of having insurance. Therefore, these entities and their employees should be more cautious in their digital presence since they are susceptible to threat actors who want to execute lucrative campaigns.
