Daixin Team Ransomware Hits Acadian Ambulance: 11M Records Stolen
Daixin Team Ransomware Attack on Acadian Ambulance: A Detailed Analysis
Overview of Acadian Ambulance
Acadian Ambulance, founded in 1971, is a leading private ambulance service headquartered in Lafayette, Louisiana. Initially created to fill a critical gap in emergency medical transportation, the company has grown to serve most of Louisiana, parts of Texas, Tennessee, and Mississippi. Acadian operates a diverse fleet of over 600 ground ambulances, helicopters, and fixed-wing aircraft, providing both emergency and non-emergency medical transportation. The company also offers services through its divisions, including Acadian Air Med, Executive Aircraft Charter Service, Acadian Total Security, National EMS Academy, and Safety Management Systems.
Company Size and Industry Standing
Acadian Ambulance employs between 1,001 and 5,000 individuals, making it a significant employer in the region. The company is recognized for its commitment to quality and innovation in emergency medical services, earning accreditations from the Commission on Accreditation of Ambulance Services (CAAS) and the Commission on Accreditation of Medical Transport Systems (CAMTS). These accolades underscore Acadian's adherence to the highest standards in prehospital medical care and transportation.
Details of the Ransomware Attack
In June 2024, Acadian Ambulance fell victim to a ransomware attack orchestrated by the Daixin Team. The breach potentially compromised the personal and health information of millions of patients. The attackers claim to have stolen 11 million records, including Social Security numbers, names, birth dates, medical records, and employee information. They demanded a $7 million ransom to prevent the data from being published, but Acadian's counteroffer of $173,000 was rejected. Despite the severity of the breach, Acadian ensured that patient care and ambulance dispatch services remained uninterrupted by promptly shutting down affected systems and activating backups.
About the Daixin Team
The Daixin Team is known for engaging in dual ransomware attacks, deploying two different ransomware variants in quick succession to increase pressure on victims. This tactic was evident in their attack on Acadian Ambulance. The group often uses sophisticated techniques to evade detection, such as abusing built-in Windows APIs for keyless encryption and process injection to execute malicious code within legitimate processes.
Potential Vulnerabilities
Acadian Ambulance's extensive digital infrastructure, which includes sensitive patient and employee data, makes it a prime target for ransomware groups like the Daixin Team. The attackers likely penetrated the company's systems through vulnerabilities in its network security, possibly exploiting unpatched software or using phishing attacks to gain initial access.