LockBit Ransomware Attack Breaches Sensitive Data at As-Salam International Hospital
LockBit Ransomware Attack on As-Salam International Hospital
Overview of As-Salam International Hospital
As-Salam International Hospital (ASSIH), established in 1982 and located in Cairo, Egypt, is a prominent tertiary care facility recognized for its comprehensive medical services and advanced healthcare technologies. Operating under the Alameda Healthcare Group, the hospital aims to enhance private healthcare in Egypt and the broader MENA region. Accredited by the Joint Commission International (JCI), ASSIH is committed to high-quality healthcare standards. The hospital offers a wide range of medical services across more than 30 specialties, catering to both inpatient and outpatient needs. It employs over 700 physicians and 400 nurses, and has a capacity of over 400 beds.
Details of the Ransomware Attack
As-Salam International Hospital has recently fallen victim to a ransomware attack orchestrated by the LockBit group. The cybercriminals have reportedly exfiltrated a significant amount of sensitive information, including medical records, patient diagnoses, financial data, and other critical data. The attackers have set a ransom deadline for July 26, 2024, by which they demand payment to prevent the release or further exploitation of the stolen information. This attack has left the hospital grappling with the dual challenge of securing its systems and mitigating the potential fallout from this breach.
About LockBit Ransomware Group
LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The ransomware uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and demands payment in Bitcoin.
Potential Vulnerabilities and Penetration Methods
LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. It performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper. The hospital's extensive digital infrastructure and the sensitive nature of its data make it a prime target for such sophisticated ransomware attacks.
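A detection sketch for two behaviours named above, the wallpaper change and arrival over RDP, added here as an example and not taken from the original article or from any vendor tooling. It assumes simplified event records modelled on Sysmon Event ID 13 (registry value set) and Security Event ID 4624 with LogonType 10 (RDP logon); the sample events, the allowlist and the one-hour window are constructed assumptions to tune per environment.

```python
from datetime import datetime, timedelta

# Assumption: full paths of processes expected to set the wallpaper here.
ALLOWED_IMAGES = {
    r"c:\windows\explorer.exe",
    r"c:\windows\immersivecontrolpanel\systemsettings.exe",
}
WALLPAPER_SUFFIX = r"\control panel\desktop\wallpaper"
WINDOW = timedelta(hours=1)  # assumption: RDP-to-wallpaper correlation window

# Constructed sample events (simplified fields, not real telemetry).
EVENTS = [
    {"host": "WS-014", "id": 4624, "time": "2024-07-20T02:11:05",
     "LogonType": 10, "IpAddress": "203.0.113.45"},
    {"host": "WS-014", "id": 13, "time": "2024-07-20T02:37:40",
     "Image": r"C:\Users\Public\a1b2.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Control Panel\Desktop\Wallpaper"},
    {"host": "WS-022", "id": 13, "time": "2024-07-20T09:00:00",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1002\Control Panel\Desktop\Wallpaper"},
    {"host": "WS-030", "id": 4624, "time": "2024-07-20T03:00:00",
     "LogonType": 10, "IpAddress": "198.51.100.7"},
    {"host": "WS-030", "id": 13, "time": "2024-07-20T08:30:00",
     "Image": r"C:\ProgramData\tmp\x.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1003\Control Panel\Desktop\Wallpaper"},
]

def detect(events):
    """Alert on wallpaper writes by unexpected processes; severity is 'high'
    when an RDP logon reached the same host within WINDOW beforehand."""
    rdp = {}      # host -> [(logon time, source IP)]
    alerts = []
    # ISO-8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4624 and ev.get("LogonType") == 10:
            rdp.setdefault(ev["host"], []).append((t, ev["IpAddress"]))
        elif ev["id"] == 13 and ev["TargetObject"].lower().endswith(WALLPAPER_SUFFIX):
            if ev["Image"].lower() in ALLOWED_IMAGES:
                continue  # expected writer, e.g. a user changing the background
            sources = [ip for ts, ip in rdp.get(ev["host"], []) if t - ts <= WINDOW]
            alerts.append({"host": ev["host"], "image": ev["Image"],
                           "severity": "high" if sources else "medium",
                           "rdp_sources": sources})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

A wallpaper write usually appears late, after encryption has started, so a rule like this supports triage and scoping rather than prevention.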