New Jersey University Hospital in Newark, New Jersey, paid a ransom of $670,000 this month to hackers in a bid to prevent the leak of 240 GB of data stolen during a ransomware attack that took place in early September. The stolen data includes personal data of patients. The hackers behind the ransomware attack on the hospital belong to the SunCrypt group. This is a ransomware gang that infiltrates a network, steals unencrypted files and then encrypts all the data.
After SunCrypt hackers released a file containing 48,000 hospital documents, a hospital spokesman contacted the gang via its dark web payment portal to negotiate a stop to any further exposure of patient data.
According to BleepingComputer, after some of the data stolen from the New Jersey hospital was published on the data leak site managed by SunCrypt, the hospital contacted the hackers through the Tor payment site. There, the gang informed its victim that it had to pay a ransom of $1.7 million. However, the hackers explained that the hospital could negotiate the ransom price in view of the situation created by the COVID-19 pandemic.
As the New Jersey hospital had only two servers encrypted, the concern was about further exposure of the stolen patient data, so hospital officials were willing to pay a ransom to prevent this.
It is unknown at this time what kind of information is contained in the stolen files, but SunCrypt hackers have claimed to have stolen information related to identity scans, social security numbers and the type of illness.
After ongoing negotiations, the two sides agreed on a ransom of $672,744, or 61.90 bitcoin, and the hospital sent the payment to the given bitcoin address. The bitcoin blockchain shows that 61.9 bitcoins were sent to the ransomware gang's bitcoin address on September 19th.
As part of the negotiations, the ransomware operators agreed to provide a decryptor, all stolen data, a security report and an agreement not to reveal stolen data or to re-attack the hospital.
According to a security report received by the New Jersey hospital, its network was compromised after an employee "fell into the trap" of a phishing scam and provided their network credentials. The ransomware operators then used the stolen network credentials to connect to the hospital's Citrix server and gain access to the network.
SunCrypt has stated that it will not target hospitals again in the future. Similarly, the CLOP, DoppelPaymer, Maze and Nephilim ransomware gangs stated that they will not target hospitals, and that any data encrypted by accident will be decrypted for free. The Netwalker ransomware gang was the only one to respond that any organization that gets encrypted, including a hospital, would have to pay a ransom.
"Dissent Doe", a journalist who covers data breach incidents at Databreaches.net, recently reported that he contacted SunCrypt after noticing that hospital data had been removed from the ransomware gang's leak site. SunCrypt hackers said in a conversation with Dissent Doe that they would not target other healthcare organizations, as "they do not play with human lives."