siParadigm Diagnostic Informatics Hit by Akira Ransomware Attack
Ransomware Attack on siParadigm Diagnostic Informatics by Akira Group
Overview of siParadigm Diagnostic Informatics
siParadigm Diagnostic Informatics, established in 2004 and headquartered in Pine Brook, New Jersey, is a leading company in the field of precision oncology diagnostic informatics. The company specializes in advanced diagnostic techniques such as next-generation sequencing (NGS), polymerase chain reaction (PCR), cytogenetics, flow cytometry, and immunohistochemistry (IHC). These methodologies enable the detection of actionable genetic variants in patients with advanced cancer, facilitating personalized medicine strategies. siParadigm operates as a specialty reference laboratory, providing extensive support to healthcare professionals with a commitment to service, integrity, and regulatory compliance.
Details of the Ransomware Attack
siParadigm Diagnostic Informatics has recently fallen victim to a ransomware attack orchestrated by the Akira ransomware group. The attackers have reportedly exfiltrated a substantial 141 GB of sensitive data. This data includes personal information such as passports, non-disclosure agreements (NDAs), confidential agreements, medical reports, driver's licenses, birth certificates, social security numbers, and other personal documents. Financial information and client details were also compromised in the breach. The incident highlights the critical need for robust cybersecurity measures to protect against sophisticated threats.
About the Akira Ransomware Group
The Akira ransomware group emerged in March 2023 and has been targeting small to medium-sized businesses across various sectors, including healthcare. The group is believed to be affiliated with the now-defunct Conti ransomware gang, sharing similarities in their code. Akira operators use double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Their ransom demands typically range from $200,000 to over $4 million. Akira's dark web leak site features a retro 1980s-style interface that victims must navigate by typing commands.
Penetration and Vulnerabilities
Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group's ability to target both Windows systems and Linux-based VMware ESXi virtual machines demonstrates their evolving capabilities. The attack on siParadigm underscores the vulnerabilities in healthcare organizations, which often hold vast amounts of sensitive data, making them attractive targets for ransomware groups.
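The tooling named above (RClone, FileZilla, WinSCP) is legitimate software, so the defensive question is how to notice it being run where it does not belong and how to tie that to unusual outbound volume. The following is an added detection sketch written for this page; it is not Halcyon's code and not taken from any incident data. It runs over constructed, JSON-lines style process-creation and outbound-flow events, flags execution of the three named binaries, sums outbound bytes per host against a hypothetical threshold, and escalates hosts where both signals coincide. Host names, user names, paths, destination addresses, byte counts and the 10 GiB threshold are all assumptions.

```python
"""Detection sketch: known exfiltration tooling plus bulk outbound transfer per host.

Added example for this page, not the vendor's code. Event format, hosts, paths,
addresses, byte counts and the threshold are constructed assumptions.
"""
import json
from collections import defaultdict

GIB = 1024 ** 3

# Binaries the page names as Akira's data-exfiltration tooling; matched on the
# lower-cased image basename so the install path does not matter.
EXFIL_TOOLS = {"rclone.exe", "winscp.exe", "filezilla.exe"}

# Hypothetical threshold: flag any host that sends more than this many bytes
# outbound within the analysed window.
OUTBOUND_BYTES_THRESHOLD = 10 * GIB

# Constructed sample telemetry (JSON lines). "process" events mimic an EDR
# process-creation record; "flow" events mimic a per-connection outbound summary.
SAMPLE_LOG = r"""
{"type": "process", "host": "LAB-WS01", "user": "jdoe", "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\rclone.exe", "cmdline": "rclone.exe copy D:\\Shares\\Reports remote:archive"}
{"type": "process", "host": "LAB-WS03", "user": "alice", "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe notes.txt"}
{"type": "process", "host": "LAB-WS02", "user": "svc_backup", "image": "C:\\Program Files\\WinSCP\\WinSCP.exe", "cmdline": "WinSCP.exe /console /script=job.txt"}
{"type": "flow", "host": "LAB-WS01", "dst": "203.0.113.10", "bytes_out": 64424509440}
{"type": "flow", "host": "LAB-WS03", "dst": "198.51.100.5", "bytes_out": 1500}
{"type": "flow", "host": "LAB-FS01", "dst": "203.0.113.22", "bytes_out": 12884901888}
{"type": "flow", "host": "LAB-WS01", "dst": "203.0.113.10", "bytes_out": 96636764160}
"""


def parse_events(text):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def image_basename(path):
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def flag_exfil_tools(events):
    """Return one finding per process event whose image is a known exfil tool."""
    findings = []
    for e in events:
        if e.get("type") != "process":
            continue
        tool = image_basename(e["image"])
        if tool in EXFIL_TOOLS:
            findings.append({"host": e["host"], "user": e["user"],
                             "tool": tool, "cmdline": e.get("cmdline", "")})
    return findings


def flag_bulk_outbound(events, threshold=OUTBOUND_BYTES_THRESHOLD):
    """Sum outbound bytes per host and return the hosts above the threshold."""
    totals = defaultdict(int)
    for e in events:
        if e.get("type") == "flow":
            totals[e["host"]] += int(e["bytes_out"])
    return {host: total for host, total in totals.items() if total > threshold}


def analyze(events):
    """Correlate both signals per host and assign a severity.

    high   - exfil tool executed AND bulk outbound transfer from the same host
    medium - exfil tool executed only
    low    - bulk outbound transfer only
    """
    tool_hosts = {f["host"] for f in flag_exfil_tools(events)}
    bulk = flag_bulk_outbound(events)
    results = []
    for host in sorted(tool_hosts | set(bulk)):
        reasons = []
        if host in tool_hosts:
            reasons.append("exfil tool executed")
        if host in bulk:
            reasons.append(f"{bulk[host] / GIB:.1f} GiB outbound")
        severity = ("high" if len(reasons) == 2
                    else "medium" if host in tool_hosts else "low")
        results.append({"host": host, "severity": severity, "reasons": reasons})
    return results


if __name__ == "__main__":
    for r in analyze(parse_events(SAMPLE_LOG)):
        print(f"{r['severity']:6} {r['host']:10} {'; '.join(r['reasons'])}")
```

In a real deployment the process-creation half is the cheaper signal and fires before data leaves the network, whereas the flow half confirms impact after the fact; baselining which hosts and service accounts are expected to run backup or transfer clients keeps the medium-severity bucket from drowning in legitimate administrative use.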