NASA’s Perseverance rover landing on Mars
Data of patients stolen from Barcelona’s Hospital Clínic up for sale and ask for a ransom of 4.5 Millions
The RansomHouse cybercriminal group has acknowledged that it is behind the attack and has posted a 4.5 terabyte file of patient and worker information.
We have a new addition to our list!” With this sentence, the group of cybercriminals RansomHouse has announced through its Telegram channel the publication of part of the data it stole from the Hospital Clínic de Barcelona, which includes personal information of both patients and workers, as well as internal documents of all kinds. Specifically, they claim to have a file of 4.4 terabytes, for which they ask for a ransom of 4.5 million dollars. For now, all these records are visible to everyone the world through a link.To access, yes, it is necessary to enter the darkweb, so it does not work in conventional browsers and routers.
Until now, RansomHouse had not publicly claimed responsibility for the attack, which had raised suspicions about whether they were really behind the operation, which was what the hospital officials had claimed. As this newspaper has been able to verify, in the data packages you can find full reports of experimental treatments for cancer patients, electrocardiogram tests or contracts for new hospital employees, among others.
This organization would have already contacted the hospital to demand the ransom, something to which they would have refused. In Spain, the Penal Code directly prohibits favoring the “foundation, organization or activity” of criminal gangs through their “economic cooperation”. However, independent consultants and insurers offer these services unofficially to avoid problems. “No company will admit to having paid a ransom, but the truth is that they do it almost every day,” a cybersecurity specialist commented anonymously at the time.
“You are scum of the worst kind. I do not understand how you can publish health data and information about workers who have given their lives during the pandemic to save others, and who give everything every day to maintain the health of the population,” he has It has been the only response that the group has had on its Telegram channel. In this sense, it also made them ugly that the publication of patient data could harm them in their day-to-day lives, since, “for the simple fact of having suffered from cancer, they could be denied mortgages and similar consequences.” “You are nothing more than soulless terrorists. I do not understand how you can sleep at night,” the message settled.
Once they have obtained the data, the ransomware’s modus operandi consists of negotiating a payment to recover from the cyberattack. In the event that the victim does not pay, that information used to remain encrypted (and inaccessible), an operation that has changed in the last year to add an additional form of extortion and that would have been assumed by RansomHouse. Thus, now the attackers take the opportunity to try to sell that data and, if they do not succeed, they publish it on their own website, an additional form of extortion.
Torrejón Hospital, in Madrid, attacked by the ransomware virus “Ryuk”
The Hospital of Torrejón, in Madrid, has been involved in a “computer incident” since january the 17th, which, as they report from the center, “has affected the availability of some information systems.”
This Hospital mostly belongs to Centene Corporation, company based in Missouri (United States) wich is also a 50% shareholder of Ribera Salud Company , Valencian Health Service concessionaire.
This incidence is, according to hospital sources, a computer virus that has blocked the systems to the point of closing access to patient’s medical records and forcing professionals to make paper medical reports with a tracing to recover that information when it returns to normal.
This computer incident affects the availability of some applications of the center and that the internal computer equipment of the center.
The ransomware that has affected consulting companies as Everys, SER radio network and Jerez City Hall in Spain is called Ryuk and comes from Russia. This malware can encrypt databases, spread on its own and attack business environments. The aim of the creators and broadcasters of this virus is to extorting victims with the release of their computers to obtain a ransom payment of bitcoins.
Ryuk’s modus operandi is very similar to other ransomware, as it can be disseminated thanks to Trojans hidden in emails. Likewise, a new version of malware can spread by itself using the private networks of companies. To do this, it has a file known as Wake on LAN (WoL) that allows the cyber criminals to activate computers if they receive a remote order, expanding in a faster and quieter way.
If this information is confirmed, it would be the first known computer attack on a health center in Spain.
The Blue Star ship embarks on the Ares coast
On november the 20th as a result of having run out of machine in the middle of a storm in the anchorage of Ares, the Blue Star was dragged by the wind drifting, until it ended up embarking in the area of Miranda island.
The ship was finally disembarked in december the 10th taking advantage of high tides.