Ransomware Attack Exposes Ascires Biomedical Data Vulnerabilities

Incident Date: Oct 13, 2024

Attack Overview

Victim: Ascires Biomedical Group
Industry: Healthcare Services
Location: Spain
Attacker: Stormous
First Reported: October 13, 2024

Ransomware Attack on Ascires Biomedical Group by Stormous

Ascires Biomedical Group, a leading Spanish organization in the healthcare sector, has reportedly been targeted by the Stormous ransomware group. This attack has resulted in the exfiltration of approximately 700 GB of sensitive data, including client information, medical reports, financial documents, and strategic business plans. The breach highlights significant vulnerabilities within Ascires' cybersecurity infrastructure, raising concerns about the protection of sensitive medical and personal data.

About Ascires Biomedical Group

Ascires Biomedical Group, established over 50 years ago, is a prominent player in the fields of genetics, diagnostic imaging, and nuclear medicine. The organization operates a network of biomedical clinics primarily in the Valencian Community and Catalonia, collaborating with both public and private hospitals. Ascires is recognized for its pioneering efforts in medical technology, including the introduction of Spain's first MRI and CT scan machines. The group's commitment to research and development is evident, with approximately 15% of its profits reinvested into R&D initiatives aimed at enhancing precision medicine.

Details of the Attack

The Stormous ransomware group claims to have infiltrated Ascires' systems, compromising a wide array of critical assets. The attackers have released samples of the stolen data to substantiate their claims, underscoring the severity of the breach. The compromised information reportedly includes client data, medical reports, financial documents, and patient-related data. This breach poses significant risks to Ascires' operations and reputation, given the sensitive nature of the data involved.

Stormous Ransomware Group

Stormous is a ransomware group that emerged in early 2022, known for its politically motivated operations and support for Russia amid the conflict with Ukraine. The group employs a double extortion tactic, encrypting data and threatening to leak sensitive information if the ransom is not paid. Stormous operates through an underground website and communicates via Telegram, often targeting Western nations and companies. Despite its claims, many cybersecurity experts view Stormous as a potentially fraudulent operation, raising questions about the legitimacy of its attacks.

Potential Vulnerabilities

The attack on Ascires highlights potential vulnerabilities in the organization's cybersecurity measures. As a leader in medical technology, Ascires handles vast amounts of sensitive data, making it an attractive target for threat actors like Stormous. The breach underscores the need for effective cybersecurity protocols to protect against sophisticated ransomware attacks, particularly in the healthcare sector where data sensitivity is paramount.
