LockBit Ransomware Attack Targets Great Plains Tribal Leaders' Health Board

Incident Date: Jul 19, 2024

Attack Overview
Victim: Great Plains Tribal Leaders' Health Board
Industry: Healthcare Services
Location: USA
Attacker: LockBit
First Reported: July 19, 2024

Ransomware Attack on Great Plains Tribal Leaders' Health Board by LockBit

Overview of the Victim

The Great Plains Tribal Leaders' Health Board (GPTLHB) is a prominent organization established in 1986, dedicated to advocating for the health and wellness of American Indian communities across South Dakota, North Dakota, Nebraska, and Iowa. Representing 18 tribal nations, GPTLHB focuses on reducing health disparities and providing essential health services, including public health education and support for tribal health initiatives. Operating from its headquarters in Rapid City, South Dakota, the organization employs approximately 88 staff members and reported providing around $858,900 in grants in 2022.

Core Functions and Services

GPTLHB operates through a multifaceted approach that includes advocacy, public health education, direct health services, and epidemiological support. The organization collaborates with various tribal health programs to provide comprehensive health resources tailored to the unique needs of tribal populations. Key areas of focus include public health advocacy, health programs, epidemiological support, direct care services, and training and education.

Attack Overview

On July 19, 2024, the Great Plains Tribal Leaders' Health Board fell victim to a ransomware attack orchestrated by the LockBit group. The extent of the data breach remains unknown at this time. LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid.

About LockBit Ransomware Group

LockBit is known for its modular ransomware, which keeps its payload encrypted until execution to hinder malware analysis and detection. It uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. The group exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. LockBit also checks the installed system languages and avoids executing on computers configured with languages common to the Commonwealth of Independent States (CIS) region.

Potential Vulnerabilities

GPTLHB, like many organizations in the healthcare sector, may have been targeted due to potential vulnerabilities such as outdated software, insufficient network segmentation, and a lack of robust cybersecurity measures. The healthcare sector is particularly attractive to ransomware groups because of the sensitive nature of the data it handles and its critical need for continuous operation, which increases the likelihood of ransom payment.
