Ransomcortex Ransomware Attack Compromises Instituto Respirar Londrina Data

Incident Date: Jul 12, 2024

Attack Overview

Victim: Instituto Respirar Londrina
Industry: Healthcare Services
Location: Brazil
Attacker: Ransomcortex
First Reported: July 12, 2024

Ransomcortex Ransomware Attack on Instituto Respirar Londrina

Overview of Instituto Respirar Londrina

Instituto Respirar Londrina, established on May 1, 2019, is a multidisciplinary healthcare facility in Londrina, Brazil, specializing in respiratory medicine. The institute focuses on the prevention, diagnosis, treatment, and management of respiratory diseases, infectious diseases, and thoracic surgery. With a team of 6-10 employees, the institute generates annual revenue between $1M-$5M. Their services include pulmonology, sleep studies, infectious disease management, bronchoscopy, and plethysmography. The institution is known for its patient-centered care and its significant impact on the community by providing specialized healthcare services.

Details of the Ransomware Attack

The ransomware group Ransomcortex has claimed responsibility for a cyberattack on Instituto Respirar Londrina. The attackers targeted the hospital's digital infrastructure, encrypting 90GB of critical data. This data includes sensitive financial documents such as "REPASSE_DOS_S_CIOS_JULHO_2623.x1sx" and "Controle Conta Corrente DRA. FATIMA CHIBANA_.x1sx". The breach has severely compromised the security and accessibility of important operational and financial information, posing significant challenges to the hospital's functionality and patient care services.

Ransomcortex: Modus Operandi and Distinguishing Features

Ransomcortex is a ransomware group that exclusively targets healthcare facilities, recognizing the high value of healthcare data. This data is often exploited for financial fraud, extortion, and sale on online black markets. The group operates a dark web leak site where they recruit individuals for various tasks, including making ransom payments and gathering intelligence. Ransomcortex uses encryption software from third-party sources and does not offer Ransomware as a Service (RaaS). They avoid targeting specific nations and companies that have previously paid ransoms.

Potential Vulnerabilities and Penetration Methods

Healthcare facilities like Instituto Respirar Londrina are particularly vulnerable to ransomware attacks due to the high value of their data and the critical nature of their services. Potential vulnerabilities include outdated software, lack of robust cybersecurity measures, and insufficient employee training on phishing and other cyber threats. Ransomcortex could have penetrated the hospital's systems through phishing emails, exploiting software vulnerabilities, or using compromised credentials.
