Black Creek Health Centre Targeted by INC Ransom Cyberattack
Ransomware Attack on Black Creek Community Health Centre by INC Ransom
Incident Overview
On December 9, Black Creek Community Health Centre (BCCHC), a non-profit organization in North York, Ontario, Canada, allegedly became the target of a ransomware attack by the infamous INC Ransom group. BCCHC, operating within the Medical & Surgical Hospitals sector, is known for its comprehensive healthcare services to vulnerable populations in Toronto's northwest communities. Established in 1989, the center employs between 101 and 250 staff members and serves over 9,000 clients annually. Its dedication to holistic care and innovative client engagement tools, such as the Tickit Health platform, sets it apart in the healthcare industry.
Exploiting Vulnerabilities
This attack brings to light the vulnerabilities that healthcare providers face, especially those in high-pressure environments. The INC Ransom group, notorious for targeting industries with valuable data like healthcare, allegedly exploited these vulnerabilities to breach BCCHC's systems. While the full extent of the data leak is still unclear, the attackers have released screenshots of exfiltrated data as proof of the breach. This incident emphasizes the urgent need for enhanced cybersecurity measures in the healthcare sector.
INC Ransom's Modus Operandi
Emerging in July 2023, INC Ransom has quickly gained a reputation for its targeted attacks on large organizations. The group reportedly uses a mix of spear-phishing, vulnerability exploitation, and multi-extortion tactics. They have notably taken advantage of the CVE-2023-3519 vulnerability in Citrix NetScaler to penetrate networks. Their approach includes deploying tools like NETSCAN.EXE for network scanning and MEGAsyncSetup64.EXE for file sharing, along with defense evasion techniques such as terminating security processes and erasing logs to avoid detection.
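As a defensive illustration of the tooling described above, the following added example (not from the original article or from any vendor's product) correlates process-creation events per host and flags hosts where two or more of these behaviours appear within 24 hours. The event format, host names, and the command-line markers for log clearing and security-process termination are assumptions, and the sample events are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Binary names come from the article; matched on lower-cased basename.
TOOLS = {"netscan.exe": "network_scan", "megasyncsetup64.exe": "sync_client_install"}
# Assumed command-line markers for the log-erasure and security-process
# termination behaviours the article mentions; adjust to your own tooling.
CMD_MARKERS = {"wevtutil cl": "log_clear", "clear-eventlog": "log_clear",
               "taskkill /f /im msmpeng.exe": "security_proc_kill"}

# Constructed process-creation events (JSON lines), not real telemetry.
SAMPLE_EVENTS = r"""
{"ts":"2024-01-10T10:00:00","host":"WS-014","image":"C:\\Users\\Public\\NETSCAN.EXE","cmdline":"NETSCAN.EXE"}
{"ts":"2024-01-10T10:40:00","host":"WS-014","image":"C:\\Users\\Public\\MEGAsyncSetup64.EXE","cmdline":"MEGAsyncSetup64.EXE"}
{"ts":"2024-01-10T11:05:00","host":"WS-014","image":"C:\\Windows\\System32\\wevtutil.exe","cmdline":"wevtutil  cl Security"}
{"ts":"2024-01-10T09:00:00","host":"WS-022","image":"D:\\Tools\\netscan.exe","cmdline":"netscan.exe"}
{"ts":"2024-01-10T08:00:00","host":"SRV-003","image":"C:\\Temp\\netscan.exe","cmdline":"netscan.exe"}
{"ts":"2024-01-15T08:00:00","host":"SRV-003","image":"C:\\Temp\\MEGAsyncSetup64.exe","cmdline":"MEGAsyncSetup64.exe"}
""".strip().splitlines()

def classify(event):
    """Return the set of behaviour tags one process-creation event matches."""
    image = event["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    tags = {TOOLS[image]} if image in TOOLS else set()
    # Collapse whitespace so spacing tricks do not defeat the substring match.
    cmd = " ".join(event.get("cmdline", "").lower().split())
    tags.update(tag for marker, tag in CMD_MARKERS.items() if marker in cmd)
    return tags

def correlate(lines, window=timedelta(hours=24), threshold=2):
    """Map host -> sorted tags when >= threshold distinct tags fall in one window."""
    hits = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        ts = datetime.fromisoformat(event["ts"])
        hits[event["host"]].extend((ts, tag) for tag in classify(event))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        # Slide a window starting at each hit and keep the richest tag set.
        best = max(({t for ts, t in seen[i:] if ts - start <= window}
                    for i, (start, _) in enumerate(seen)), key=len)
        if len(best) >= threshold:
            alerts[host] = sorted(best)
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

A single scanner run (WS-022) or two behaviours five days apart (SRV-003) stays below the alert threshold, which keeps routine administrative use of the same tools from paging anyone.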
Broader Implications
The attack on BCCHC is part of a wider pattern of incidents involving INC Ransom, which has allegedly targeted at least 165 organizations, mainly in North America and Europe. The group employs double-extortion tactics, threatening to leak sensitive data if ransom demands are not met. This aggressive strategy, coupled with their sophisticated attack methods, positions INC Ransom as a significant threat in the cybersecurity landscape.
Lessons for BCCHC
For BCCHC, this attack serves as a stark reminder of the critical importance of cybersecurity in safeguarding sensitive healthcare data. As the organization works to recover from this breach, it will need to reassess its security posture to prevent future incidents.