Systems at University Hospital New Jersey (UHNJ) were encrypted with SunCrypt ransomware, and the attacker also stole documents from the institution and leaked them online. The incident took place in September.
UHNJ is a New Jersey state teaching hospital with more than 3,500 employees that was established in 1994.
The hospital has a budget of $626 million and handles more than 172,000 outpatient visits annually.
The SunCrypt ransomware operation has leaked data allegedly stolen from UHNJ in a ransomware attack in September.
SunCrypt ransomware operators first appeared on the threat landscape in October 2019, and over the past few months, they launched a dedicated leak site where they began publishing data stolen from victims.
In early September, the Haywood County School District in North Carolina suffered a data breach after unencrypted files were stolen during a SunCrypt Ransomware attack.
The ransomware attack took place on August 24, 2020, but at that time the malware family that infected the school district was not revealed.
The infection forced the school district to shut down its systems and suspend remote instruction.
BleepingComputer first reported the attack on UHNJ: the SunCrypt ransomware operators leaked a 1.7GB file containing more than 48,000 documents and claimed to have stolen 240GB of data.
“This data breach includes patient information release authorization forms, copies of driver’s licenses, social security numbers (SSN), date of birth (DOB), and records about the Board of Directors,” reported Bleeping Computer.
A BleepingComputer source briefed on the incident revealed that a UHNJ employee was infected with the TrickBot Trojan in late August before the ransomware attack occurred.
If confirmed, it is possible that the attackers used TrickBot to gain a foothold on the target network and then infected as many systems as possible.
BleepingComputer made an interesting observation: while Maze denies any ties to the SunCrypt gang, the operators of the SunCrypt ransomware told BleepingComputer that they are part of the Maze gang.
Experts also noted that SunCrypt-infected systems connect to an IP address previously associated with Maze ransomware operations.