RansomHub Ransomware Hits Neurological Institute of Savannah

Incident Date: Jul 26, 2024

Attack Overview

VICTIM: Neurological Institute of Savannah
INDUSTRY: Hospitals & Physicians Clinics
LOCATION: USA
ATTACKER: RansomHub
FIRST REPORTED: July 26, 2024

RansomHub Ransomware Attack on Neurological Institute of Savannah

Overview of the Neurological Institute of Savannah

The Neurological Institute of Savannah, also known as the Neurosurgical & Spine Institute, is a leading healthcare facility located at 4 E. Jackson Blvd, Savannah, GA. Specializing in neurology and neurosurgery, the institute is renowned for its comprehensive approach to diagnosing and treating a wide range of neurological disorders. The institute's team includes board-certified neurosurgeons and neurologists who manage conditions such as Parkinson's disease, Alzheimer's disease, epilepsy, migraines, multiple sclerosis, and stroke therapy. Equipped with state-of-the-art technology, the institute emphasizes patient education and support, fostering an environment of trust and confidence.

Details of the Ransomware Attack

The Neurological Institute of Savannah has recently fallen victim to a ransomware attack orchestrated by the RansomHub hacker group. The attackers infiltrated the institute's network and monitored its operations for an extended period. Although they did not encrypt the network, they exfiltrated hundreds of gigabytes of sensitive data, including private patient information, employee details, and personally identifiable information (PII). RansomHub has threatened to leak this data publicly if their demands are not met, which could severely damage the institute's reputation and lead to legal actions from affected patients. The hackers have provided a sample of the stolen data as proof and are urging the institute to appoint a negotiator to discuss terms.

About RansomHub

RansomHub is a relatively new ransomware group that has emerged in the cyber threat landscape. Believed to have roots in Russia, RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare-related institutions being among the listed victims. RansomHub's ransomware strains are written in Golang, a language choice that may indicate future trends in ransomware development.

Penetration and Vulnerabilities

RansomHub distinguishes itself by making claims and backing them up with data leaks. The group likely penetrated the Neurological Institute of Savannah's systems through sophisticated phishing attacks or by exploiting vulnerabilities in the institute's network security. The healthcare sector is particularly vulnerable to such attacks due to the high value of patient data and the critical nature of healthcare services, which often leads to a higher likelihood of ransom payments.
