Southern Oregon Vet Center Faces Monti Ransomware Attack

Incident Date: Nov 19, 2024

Attack Overview
Victim: Southern Oregon Veterinary Specialty Center
Industry: Healthcare Services
Location: USA
Attacker: Monti
First reported: November 19, 2024

Ransomware Attack on Southern Oregon Veterinary Specialty Center

The Southern Oregon Veterinary Specialty Center (SOVSC), a prominent veterinary facility in Central Point, Oregon, recently fell victim to a ransomware attack orchestrated by the Monti group. This incident underscores how exposed healthcare services, including specialized veterinary centers, are to evolving cyber threats.

About Southern Oregon Veterinary Specialty Center

Established in 2004, SOVSC is a specialized veterinary facility providing comprehensive emergency and specialty care for pets in Southern Oregon and Northern California. Operating 24/7, the center is staffed by board-certified specialists and highly trained veterinarians, offering services such as emergency care, surgical procedures, internal medicine, oncology, and critical care monitoring. SOVSC is recognized for its collaborative approach with local veterinarians, ensuring seamless integration of care and maintaining a strong commitment to patient welfare and family support.

Details of the Ransomware Attack

Over the weekend of November 9, SOVSC experienced a cyberattack that disrupted its operations. The breach was discovered when staff, met with a ransom note, were unable to access patient files. In response, the center shut down its networks, replaced compromised devices, and engaged cybersecurity experts to contain the damage. The attack led to the temporary closure of urgent care services and limited emergency room operations, causing longer wait times and patient referrals to other providers. Fortunately, external data storage remained secure, allowing partial access to patient information. No client payment data was compromised, as it is managed offsite by a third-party vendor.

Monti Ransomware Group

The Monti ransomware group emerged in June 2022, drawing attention for its similarities to the disbanded Conti group. Monti targets organizations in the legal, financial, and government sectors, and has developed variants for both Windows and Linux systems. The group is known for exploiting vulnerabilities like Log4Shell to infiltrate networks, and it pressures victims into paying ransoms by publicly shaming them on its data leak site. Monti's recent operations have included a new Linux-based variant, indicating an evolution in its coding practices and an ongoing threat to organizations.

Potential Vulnerabilities and Penetration

Healthcare facilities like SOVSC are increasingly targeted by ransomware groups due to the critical nature of their services and the potential impact of operational disruptions. The Monti group likely exploited known vulnerabilities to penetrate SOVSC's systems, emphasizing the need for enhanced cybersecurity measures in the healthcare sector. This incident serves as a reminder of the importance of continuous security improvements to protect against future threats.
