Clinica Tezza Hit by LockBit Ransomware: Key Details and Impact

Incident Date: August 11, 2024

Overview

Victim: Clinica Tezza

Attacker: Lockbit3

Location: Lima, Peru

First Reported: August 11, 2024

LockBit Ransomware Attack on Clinica Tezza: A Detailed Analysis

On August 12, 2024, Clinica Tezza, a prominent healthcare institution in Lima, Peru, became the latest victim of a ransomware attack orchestrated by the notorious LockBit group. This incident highlights the increasing vulnerability of healthcare providers to cyber threats, potentially jeopardizing sensitive patient data and disrupting essential medical services.

About Clinica Tezza

Founded on December 8, 1967, by the Congregation of the Daughters of St. Camillus, Clinica Tezza is dedicated to providing comprehensive medical care. The clinic offers over 30 medical specialties, including cardiology, general surgery, ophthalmology, gynecology, and pediatrics. With a team of more than 200 medical professionals, the clinic is equipped with modern medical technologies and services such as emergency care, imaging and radiology, laboratory services, and specialized units like the Intensive Care Unit (ICU) and Neonatal ICU.

Clinica Tezza is known for its patient-centered care, offering virtual consultations and medication delivery services to enhance patient experience. The clinic's commitment to quality and community service aligns with the broader goals of the Daughters of St. Camillus, emphasizing compassionate and diligent care.

Attack Overview

The ransomware attack targeted Clinica Tezza's website, clinicatezza.com.pe. While the exact size of the data leak remains unknown, the attack underscores the growing threat of cyberattacks on healthcare institutions. The LockBit group, known for its sophisticated ransomware-as-a-service (RaaS) operations, claimed responsibility for the attack via its dark web leak site.

About LockBit

LockBit has been active since September 2019 and has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. The group employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and demands payment in Bitcoin.

Penetration and Vulnerabilities

LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware performs a check to avoid executing on systems configured with languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper.

Clinica Tezza's reliance on digital services and patient data management systems made it a prime target for such an attack. The healthcare sector's critical nature and the potential for significant disruption make it an attractive target for ransomware groups like LockBit.
