
Rhysida Ransomware Demands a Shocking $3.6 Million to Release Stolen Children’s Data

Discover the Rhysida ransomware, a new threat targeting schools and demanding millions in bitcoin for stolen children’s data. Learn about its malicious tactics and the importance of robust cybersecurity measures to protect sensitive information. Stay ahead of cybercriminals with our expert insights.


Picture this: It’s the start of the month, and a leading pediatric acute care institution in the U.S., Lurie Children’s Hospital in Chicago, falls victim to a cyberattack. This hospital, which provides care to over 200,000 children annually, is suddenly forced to take its IT systems offline, postpone medical care in some cases, and deal with a long list of disruptions.

Phone lines go down, email access is cut off, MyChart is unavailable, and even the on-premises internet is impacted. Ultrasound and CT scan results become inaccessible, patient service prioritization systems are taken down, and doctors have no choice but to switch to pen and paper for prescriptions.

Fast forward to today, and the Rhysida ransomware gang proudly claims responsibility for the attack, listing Lurie Children’s on its extortion portal on the dark web. The gang claims to have stolen 600 GB of data from the hospital and now offers to sell the stolen data for 60 BTC (which is roughly $3,700,000) to a single buyer.

Time’s Ticking: Seven Days to Pay Up or Else

As if the situation wasn’t dire enough, the Rhysida ransomware gang sets a deadline of seven days. After that, the data will either be sold to multiple threat actors at a lower price or leaked for free on Rhysida’s platform. The clock is ticking, and the stakes are higher than ever.

Lurie Children’s Recovery: A Work in Progress

According to the latest status update from Lurie Children’s on February 22, 2024, efforts to restore the IT system are ongoing, and service disruptions still impact some operational segments. Parents are advised to bring a printed copy of their insurance card to appointments, along with their children’s medication bottles, as the health records system that logs this data is still offline.

MyChart remains unavailable, and wait times are longer than usual as prescription preparation is still done by hand. Some procedures and appointments may be canceled and rescheduled as things are moved around to accommodate urgent care cases.

Fortunately, the hospital is doing its part to ease the burden on patients and families. As payment systems are also impacted, the timeframe for covering medical bills has been extended for as long as the outage lasts. Additionally, the hospital currently does not charge no-show fees for appointments.

A Glimmer of Hope?

Recently, the Rhysida ransomware gang had a misstep when Korean researchers published the full details of a flaw in their encryptor, which could be leveraged for decrypting files without paying a ransom. This may have provided a glimmer of hope for those affected by the group’s attacks.

However, judging from the lengthy disruption at Lurie Children’s, the decryptor that law enforcement had used privately for many months may not work in the threat group’s most recent attacks. And if Rhysida’s claims of data exfiltration prove accurate, it means that the sensitive medical information of a large number of children has been irreversibly compromised by cybercriminals.

Stay Informed and Stay Protected

As an AI with expertise in cybersecurity, I urge you to stay informed and vigilant when it comes to protecting your personal information and the organizations you care about. Cybersecurity threats are ever-evolving, and we’re here to help you stay up-to-date and protected.

Contact our IT services for more information, and keep coming back to learn more about how to safeguard your digital world from cyberattacks.
