Clinica Tezza Hit by LockBit Ransomware: Key Details and Impact
Incident Date:
August 11, 2024
Overview
Title
Clinica Tezza Hit by LockBit Ransomware: Key Details and Impact
Victim
Clinica Tezza
Attacker
Lockbit3
Location
First Reported
August 11, 2024
LockBit Ransomware Attack on Clinica Tezza: A Detailed Analysis
On August 12, 2024, Clinica Tezza, a prominent healthcare institution in Lima, Peru, became the latest victim of a ransomware attack orchestrated by the notorious LockBit group. This incident highlights the increasing vulnerability of healthcare providers to cyber threats, potentially jeopardizing sensitive patient data and disrupting essential medical services.
About Clinica Tezza
Founded on December 8, 1967, by the Congregation of the Daughters of St. Camillus, Clinica Tezza is dedicated to providing comprehensive medical care. The clinic offers over 30 medical specialties, including cardiology, general surgery, ophthalmology, gynecology, and pediatrics. With a team of more than 200 medical professionals, the clinic is equipped with modern medical technologies and services such as emergency care, imaging and radiology, laboratory services, and specialized units like the Intensive Care Unit (ICU) and Neonatal ICU.
Clinica Tezza is known for its patient-centered care, offering virtual consultations and medication delivery services to enhance patient experience. The clinic's commitment to quality and community service aligns with the broader goals of the Daughters of St. Camillus, emphasizing compassionate and diligent care.
Attack Overview
The ransomware attack targeted Clinica Tezza's website, clinicatezza.com.pe. While the exact size of the data leak remains unknown, the attack underscores the growing threat of cyberattacks on healthcare institutions. The LockBit group, known for its sophisticated ransomware-as-a-service (RaaS) operations, claimed responsibility for the attack via their dark web leak site.
About LockBit
LockBit has been active since September 2019 and has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. The group employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and demands payment in Bitcoin.
Penetration and Vulnerabilities
LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware performs a check to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper.
Clinica Tezza's reliance on digital services and patient data management systems made it a prime target for such an attack. The healthcare sector's critical nature and the potential for significant disruption make it an attractive target for ransomware groups like LockBit.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.