KillSec Ransomware Attack on Medisetter: Impact and Analysis
Ransomware Attack on Medisetter by KillSec: A Detailed Analysis
Medisetter, Vietnam's largest multichannel digital network dedicated to healthcare practitioners (HCPs), has recently fallen victim to a ransomware attack orchestrated by the notorious group known as KillSec. The attack targeted the website medisetter.com and lasted for 20 hours, 23 minutes, and 28 seconds, resulting in unauthorized access to sensitive client data.
About Medisetter
Founded in 2019, Medisetter is a digital platform focused on connecting healthcare practitioners in developing countries, particularly Vietnam, with global healthcare insights and professional development opportunities. The company aims to reduce disparities in healthcare quality by fostering peer-to-peer knowledge exchange and continuing medical education (CME) among medical professionals. Medisetter operates Vietnam's largest multichannel digital community for doctors and medical students, which is particularly valuable in resource-constrained environments where access to continuing education may be limited.
Medisetter distinguishes itself through its comprehensive digital engagement solutions tailored for pharmaceutical and medical device companies. These solutions include scientific detailing, corporate brand-building, and market research, utilizing various digital formats such as webinars, video tutorials, and e-learning programs. The company has built a network comprising over 16,000 users, growing at a rate of approximately 15% month-on-month.
Attack Overview
The ransomware attack on Medisetter was executed by KillSec, a group known for targeting various industries and countries. During the attack, KillSec gained unauthorized access to sensitive client data, including names, emails, phone numbers, cities, work addresses, specialty types, and districts of doctors and students. The attackers are demanding a ransom of $5,000, to be paid through a specified link.
About KillSec
KillSec, also known as Kill Security, is a ransomware group that has been active in targeting various sectors, including government, manufacturing, defense, professional services, banking, and finance. The group uses a variety of communication channels such as Telegram, Session Messenger, and Tox, and demands ransom payments in Monero (XMR) cryptocurrency. KillSec is known for its extensive targeting and significant extortion amounts, ranging from 1,500 EUR to 10,000 EUR.
Penetration and Vulnerabilities
While the exact method of penetration used by KillSec in the Medisetter attack is not disclosed, it is likely that the group exploited vulnerabilities in the company's digital infrastructure. Given Medisetter's extensive digital engagement and large user base, the platform may have been an attractive target for ransomware attacks. The lack of a decryptor for KillSec's ransomware further complicates recovery efforts, making it crucial for organizations to implement effective cybersecurity measures.