The University Hospital of New Jersey (UHNJ) in Newark, NJ eventually paid a ransom of $670,000 to prevent the release of 240GB of stolen data, including patient information.
In September, University Hospital of New Jersey (UHNJ) systems were encrypted with SunCrypt ransomware. The threat actors also stole documents from the institution and leaked a small portion of them online.
UHNJ is a New Jersey state-owned teaching hospital with more than 3,500 employees that was established in 1994. The hospital has a budget of $626 million and more than 172,000 outpatient visits annually.
SunCrypt ransomware operators first appeared on the threat landscape in October 2019, and over the past few months they launched a dedicated leak site where they began publishing data stolen from victims.
BleepingComputer first reported the attack on UHNJ. The SunCrypt ransomware operators leaked a 1.7GB file containing more than 48,000 documents and claimed to have stolen 240GB of data.
“This data breach includes patient information release authorization forms, copies of driver’s licenses, social security numbers (SSN), date of birth (DOB), and records about the Board of Directors,” reported BleepingComputer.
A BleepingComputer source briefed on the incident revealed that a UHNJ employee was infected with the TrickBot Trojan in late August before the ransomware attack occurred.
The hospital contacted the ransomware operators through their Tor payment site. According to BleepingComputer, the initial ransom demand was $1.7 million. In any case, the threat actors were open to negotiating the ransom “due to the COVID-19 situation.”
“We want to prevent any further leakage of our data and that is why we are here talking to you,” UHNJ told the ransomware operators.
The two parties finally agreed on a ransom payment of $672,744, roughly 61.90 bitcoins, on September 19.
SunCrypt ransomware operators provided the University Hospital of New Jersey with a decryptor, the stolen data, a security report, and an agreement not to reveal any stolen data or to attack UHNJ again.
The report claims that the point of entry was a phishing email that tricked an employee into providing network credentials that allowed attackers to log into the UHNJ Citrix server and gain access to the network.
Source: Security Affairs