Ransomware Attack on Sermo

A cyberattack perpetrated by BlackBasta targeted Sermo, a social network tailored for physicians. During the attack, 700 GB of sensitive data, including personal and financial records, as well as ongoing projects, were exfiltrated. Subsequently, a portion of this data was leaked, and a ransom deadline was set for April 16, 2024.

Victim Profile

Established in 2005 and headquartered in New York City, Sermo boasts a user base of over 305,000 verified US physicians and 38,000 UK physicians. With 82 employees, the company serves as a platform for medical professionals to engage in discussions, seek second opinions, and share insights.

Industry Standing

Sermo holds a unique position in the healthcare services sector as the largest healthcare professional polling and survey company globally, boasting 1.6 million healthcare professionals across 80 countries. Annually, the platform conducts around 700,000 surveys, fostering knowledge exchange and collaboration among healthcare professionals worldwide.

Vulnerabilities

Due to its significant presence in the healthcare industry and the sensitive nature of the data it handles, Sermo became an attractive target for BlackBasta. The ransomware group's tactics, including double extortion and encryption using the XChaCha20 algorithm, pose a substantial threat to the operations of platforms like Sermo. BlackBasta's ransom demands, often reaching millions of dollars, could inflict severe financial repercussions on the affected organizations.

Sources:

• Pitchbook - Sermo Company Profile
• Craft - Sermo Overview
• Tracxn - Sermo Company Information
• RocketReach - Sermo Profile
• BBB - Sermo Inc. Profile
• Proven Data - Black Basta Ransomware
• Tata Communications - Guide to Black Basta Ransomware
• HHS - Black Basta Threat Profile
• Darktrace - Black Basta Old Dogs with New Tricks