Rhysida Ransomware Group Targets Gándara Center in Major Healthcare Cyberattack
Ransomware Attack on Gándara Center by Rhysida Ransomware Group
Overview of the Gándara Center
The Gándara Center, officially known as Gandara Mental Health Center, Inc., is a nonprofit organization based in Holyoke, Massachusetts. It employs approximately 300 individuals and operates over 100 locations throughout the state. The center is dedicated to promoting the well-being of culturally diverse and at-risk populations, with a particular focus on bilingual and bicultural communities. Its services include behavioral health, addiction recovery programs, youth and young adult services, and community health initiatives. The center is recognized for culturally competent care tailored to the needs of Spanish-speaking individuals and families.
Details of the Ransomware Attack
The Rhysida ransomware group has claimed responsibility for a cyberattack on the Gándara Center. The attackers have listed the center on their dark web leak site, demanding a ransom of 10 Bitcoin, approximately $650,000, with a payment deadline set for July 25th, 2024. The attack has resulted in the encryption of critical data, and the group has threatened to publish the exfiltrated information unless the ransom is paid.
About the Rhysida Ransomware Group
The Rhysida Ransomware Group emerged in May 2023 and has since targeted various sectors, including healthcare, education, and government. The group employs a double extortion technique: it steals data before encrypting it, then threatens to release the stolen data publicly. Rhysida ransomware is written in C++ and uses the ChaCha20 encryption algorithm. The group typically gains initial access through phishing campaigns and leverages valid credentials to infiltrate networks. It uses tools such as PsExec for lateral movement and deploys the ransomware across target systems.
Potential Vulnerabilities and Penetration Methods
The Gándara Center, like many healthcare organizations, is a prime target for ransomware attacks because of the sensitive nature of the data it handles. The center's extensive network and reliance on digital records increase its exposure to cyber threats. Rhysida likely penetrated the center's systems through phishing emails, exploiting human error to gain initial access. Once inside, the attackers likely used their usual tooling to enumerate the network and deploy the ransomware, encrypting critical files and demanding a ransom.
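Because the two preceding sections describe Rhysida's intrusion chain (valid credentials, then PsExec for lateral movement, then ransomware deployment), a defender's first practical question is how that chain shows up in telemetry. The following is an added example written for this article, not Halcyon's code and not tooling from the Gándara investigation. It assumes Windows events have been exported as JSON lines with the field names shown in the constructed sample, and it keys on two well-known artifacts of a PsExec execution: a network logon (Security event 4624, logon type 3) on the target host, followed within a short window by a service installation (System event 7045) whose service name or image path contains PSEXESVC, the default service name PsExec creates. It then counts how many distinct hosts each source address reached, which is the spread pattern the text attributes to Rhysida.

```python
"""
Added detection example (not Halcyon's code): correlate PsExec-style service
installs with preceding network logons, then measure lateral spread per source.
Assumes a JSON-lines export with the fields used in SAMPLE_LOG below.
"""
import json
from datetime import datetime, timedelta

# Default service/binary name created by Sysinternals PsExec on the remote host.
PSEXEC_MARKERS = ("PSEXESVC",)

# Constructed sample telemetry for illustration only; not data from the incident.
# Note: the JSON escaping (\\) is needed because the sample is a raw string.
SAMPLE_LOG = r"""
{"time":"2024-07-10T02:14:05Z","host":"WS-017","event_id":4624,"logon_type":3,"user":"svc_backup","src_ip":"10.0.5.23"}
{"time":"2024-07-10T02:14:07Z","host":"WS-017","event_id":7045,"service_name":"PSEXESVC","image_path":"%SystemRoot%\\PSEXESVC.exe"}
{"time":"2024-07-10T02:15:30Z","host":"WS-018","event_id":4624,"logon_type":3,"user":"svc_backup","src_ip":"10.0.5.23"}
{"time":"2024-07-10T02:15:31Z","host":"WS-018","event_id":7045,"service_name":"PSEXESVC","image_path":"%SystemRoot%\\PSEXESVC.exe"}
{"time":"2024-07-10T09:00:00Z","host":"WS-020","event_id":4624,"logon_type":2,"user":"jdoe","src_ip":"-"}
{"time":"2024-07-10T09:05:00Z","host":"WS-020","event_id":7045,"service_name":"Backup Agent","image_path":"C:\\Program Files\\Backup\\agent.exe"}
"""


def parse_events(text):
    """Parse a JSON-lines export into dicts, adding a datetime 'ts' and sorting by time."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def looks_like_psexec_service(ev):
    """True for a System 7045 (service installed) event whose name or path names PSEXESVC."""
    if ev.get("event_id") != 7045:
        return False
    haystack = (ev.get("service_name", "") + " " + ev.get("image_path", "")).upper()
    return any(marker in haystack for marker in PSEXEC_MARKERS)


def detect_psexec(events, window=timedelta(seconds=60)):
    """
    For each PsExec-style service install, look back `window` on the same host
    for a network logon (Security 4624, logon type 3). A matching logon raises
    confidence and attributes the install to a source IP and account.
    """
    alerts = []
    for i, ev in enumerate(events):
        if not looks_like_psexec_service(ev):
            continue
        alert = {
            "host": ev["host"],
            "time": ev["time"],
            "service": ev.get("service_name"),
            "src_ip": None,
            "user": None,
            "confidence": "medium",
        }
        for prior in reversed(events[:i]):
            if ev["ts"] - prior["ts"] > window:
                break  # events are time-ordered, so nothing earlier can be in the window
            if (
                prior["host"] == ev["host"]
                and prior.get("event_id") == 4624
                and prior.get("logon_type") == 3
            ):
                alert.update(src_ip=prior.get("src_ip"), user=prior.get("user"), confidence="high")
                break
        alerts.append(alert)
    return alerts


def spread_by_source(alerts):
    """Distinct hosts reached from each source IP; more than one host suggests lateral movement."""
    spread = {}
    for alert in alerts:
        if alert["src_ip"]:
            spread.setdefault(alert["src_ip"], set()).add(alert["host"])
    return {ip: sorted(hosts) for ip, hosts in spread.items()}


if __name__ == "__main__":
    found = detect_psexec(parse_events(SAMPLE_LOG))
    for alert in found:
        print(alert)
    print(spread_by_source(found))
```

On the constructed sample, the two PSEXESVC installs on WS-017 and WS-018 are each preceded within seconds by a type-3 logon from 10.0.5.23 as svc_backup, so both are reported at high confidence and the spread table shows one source reaching two hosts; the legitimate "Backup Agent" service install on WS-020 is not flagged. In production the same logic would run over a SIEM export rather than an inline string, and the PSEXEC_MARKERS tuple can be extended, since operators can rename the service with PsExec's -r option, which is why the logon-then-service-install correlation matters more than the name match alone.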