BlackSuit Ransomware Targets Special Health Resources, Threatens Data Leak
Incident Date:
June 12, 2024
Overview
Title
BlackSuit Ransomware Targets Special Health Resources, Threatens Data Leak
Victim
Special Health Resources
Attacker
Black Suit
Location
First Reported
June 12, 2024
Ransomware Attack on Special Health Resources by BlackSuit
Overview of Special Health Resources
Special Health Resources (SHR) is a comprehensive healthcare system operating in East Texas and Southwest Arkansas. Founded in the late 1980s in response to the AIDS epidemic, SHR has expanded to provide a wide range of services, including primary care, dental care, women's health, immunizations, STD and HIV/AIDS screening and treatment, mental health services, and substance abuse treatment. The organization serves 23 counties in East Texas and one county in Arkansas, with locations in Longview, Tyler, Paris, Jacksonville, and Texarkana, as well as mobile units for rural areas.
Details of the Ransomware Attack
The ransomware group BlackSuit has claimed responsibility for an attack on Special Health Resources. The attack was announced on BlackSuit's dark web leak site, where the group threatened to release sensitive data if their demands are not met. The specifics of the compromised data and the extent of the breach have not been disclosed by the attackers.
About BlackSuit Ransomware Group
BlackSuit is a new ransomware family that emerged in 2023, closely related to the notorious Royal ransomware group. BlackSuit targets both Windows and Linux systems, including VMware ESXi servers. The ransomware appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication. Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting a high degree of code and functional overlap.
Potential Vulnerabilities and Penetration
Given SHR's extensive network of clinics and mobile units, the organization likely relies on a complex IT infrastructure to manage patient data and healthcare services. This complexity can introduce vulnerabilities, such as outdated software, insufficient network segmentation, and inadequate employee training on phishing attacks. BlackSuit could have exploited these vulnerabilities through phishing emails, exploiting unpatched software, or leveraging weak network security protocols to gain access to SHR's systems.
Impact on Special Health Resources
The attack on SHR is particularly concerning given the organization's focus on providing healthcare to underserved and vulnerable populations. A successful ransomware attack could disrupt critical healthcare services, delay patient care, and compromise sensitive patient data, potentially leading to severe consequences for the affected individuals and communities.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.