Ransomware Attack on People Encouraging People: A Detailed Analysis

On January 17, 2025, People Encouraging People (PEP), a Baltimore-based non-profit organization specializing in behavioral healthcare, allegedly fell victim to a ransomware attack by the notorious INC Ransom group. This incident highlights the ongoing threat ransomware poses to the healthcare sector, especially organizations handling sensitive mental health data.

About People Encouraging People

Founded in 1979, People Encouraging People is a comprehensive behavioral healthcare organization dedicated to supporting individuals with psychiatric, mental health, and substance abuse challenges. With approximately 174 employees, PEP operates multiple locations throughout Maryland, serving around 1,600 individuals. The organization is recognized for its holistic approach, offering services such as psychiatric rehabilitation, housing support, and vocational training. PEP's commitment to individualized care and community integration distinguishes it in the healthcare sector.

Vulnerabilities and Targeting

PEP's focus on mental health services makes it an attractive target for ransomware groups like INC Ransom, which often exploit vulnerabilities in organizations with high-value data. The healthcare sector's dependence on sensitive patient information and the potential for significant disruption make it particularly vulnerable to such attacks. The breach at PEP underscores the critical need for effective cybersecurity measures in protecting patient confidentiality and data integrity.

Attack Overview

The INC Ransom group reportedly infiltrated PEP's systems, exfiltrating sensitive data and posting screenshots on their dark web leak site as evidence of the breach. This attack is part of a broader trend of ransomware groups targeting healthcare organizations, leveraging the potential impact on patient care to pressure victims into paying ransoms. The exact method of infiltration remains unclear, but INC Ransom is known for using spear-phishing and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler.

About INC Ransom Group

Emerging in July 2023, INC Ransom has quickly gained notoriety for its sophisticated attacks on large organizations, particularly in healthcare. The group employs a combination of spear-phishing, vulnerability exploitation, and multi-extortion tactics. Their operations are characterized by aggressive extortion methodologies, including threatening to leak stolen data if ransoms are not paid. INC Ransom's focus on high-value data industries and their ability to evade detection make them a formidable threat in the cybersecurity landscape.

Sources

• Ransomware.live
• Ransomware Spotlight: INC Ransom - Trend Micro
• People Encouraging People - Cause IQ
• Dark Web Profile: INC Ransom - SOCRadar
• INC Ransom Group Detection and Prevention - Check Point