Cicada3301 Ransomware Group Attacks ASST Rhodense, Exposes 1000GB Data

Incident Date: June 20, 2024

Overview

Victim: ASST Rhodense

Attacker: Cicada 3301

Location: Rho, Italy

First Reported: June 20, 2024

Ransomware Attack on ASST Rhodense by Cicada3301

Overview of ASST Rhodense

ASST Rhodense, a key player in the healthcare sector of Lombardy, Italy, is renowned for its comprehensive healthcare services ranging from emergency care to specialized medical treatments. Operating under the governance of the Lombardy Regional Health Authority, this organization is pivotal in advancing medical research and training, collaborating with top universities and institutions. Despite its prominence, the recent cyberattack highlights potential vulnerabilities in its digital infrastructure, which is critical for its operation and service delivery.

Details of the Ransomware Attack

The Cicada3301 ransomware group has claimed responsibility for a significant security breach at ASST Rhodense. This attack resulted in the exfiltration of approximately 1000 GB of sensitive data, which was publicly disclosed on June 15, 2024. The breach not only undermines the privacy of patients and staff but also poses a severe risk to the continuity of healthcare services provided by the organization.

Profile of Cicada3301 Ransomware Group

Cicada3301 has recently emerged as a formidable threat in the cyber landscape, targeting various organizations worldwide. This group distinguishes itself through sophisticated attack vectors and has been involved in multiple high-profile ransomware incidents. Their method of operation typically involves deep reconnaissance followed by exploitation of network vulnerabilities, particularly those overlooked in the IT security protocols of targeted institutions.

Cicada 3301

To clarify, the name “Cicada 3301” was originally associated with an online puzzle that gained notoriety between 2012 and 2014. However, the name has since been appropriated by a separate and unrelated ransomware group, which has been the focus of recent reports, including ours.

Halcyon fully respects the legacy of the original “Cicada 3301” organization and recognizes their distinction from the activities of the ransomware group using the same name. Our reporting on the ransomware group is consistent with fair use, aiming to inform the public about cybersecurity threats. For those interested in the original “Cicada 3301” and their official stance on this matter, we encourage you to visit their statement here.

We appreciate your understanding as we strive to maintain clarity and accuracy in our reporting.

Potential Entry Points and System Vulnerabilities

While specific details of the intrusion method remain unclear, common entry points for such attacks include phishing, exploitation of unpatched systems, or compromised credentials. Healthcare organizations like ASST Rhodense are often at risk due to the vast amount of sensitive data they handle and the complex nature of their network systems, which may have unsecured endpoints susceptible to such breaches.
