University Hospital has been a New Jersey state educational institution that provides medical care to residents since 1994. It has a budget of $ 626 million and employs more than 3.500 staff, has 519 beds and more than 172.000 annual outpatient visits.
This is a ransomware group, which started its activities in October 2019 but was not very active. However, in recent months they have come to the fore, after the creation of their website.
As he found BleepingComputer the data published by malicious agents seem to belong to the University Hospital.
Of the 240 GB of data allegedly stolen, the attackers have leaked a 1,7 GB file containing more than 48.000 documents.
The leaked data contained information such as a patient information license, copies of driving licenses, social security numbers (SSNs), dates of birth and records for the Board of Directors.
According to a source discovered by BleepingComputer, a hospital employee became infected with the TrickBot trojan in late August. When one computer is infected by TrickBot, usually resulting in its complete occupation network from ransomware.
TrickBot leads to Ryuk ransomware attacks and occasionally Maze ransomware attacks. Now TrickBot mainly promotes ransomware Conti.
While Maze denies any affiliation with SunCrypt, SunCrypt ransomware providers have told BleepingComputer that it is part of the Maze Cartel. Additionally, when it infects a victim, SunCrypt will connect to an IP address previously associated with Maze.