Daixin attacks Columbus Regional Healthcare System
The Daixin Ransomware Gang's Attack on Columbus Regional Healthcare System
The Daixin ransomware gang has attacked the Columbus Regional Healthcare System, a nationally recognized health system serving a ten-county region in south-eastern Indiana. Daixin has stolen and leaked 70 GB of private information, including sensitive patient data. Although it's unknown what the ransomware gang demanded as ransom, the fact that Daixin leaked the data suggests that the Columbus Regional Healthcare System refused to pay.
The Daixin Group: A Ransomware Gang
The Daixin Group is a ransomware gang. Since approximately June 2022, they have focused on the Healthcare and Public Health (HPH) Sector. Their modus operandi involves deploying ransomware to encrypt critical servers responsible for healthcare services, including electronic health records, diagnostics, imaging, and intranet services. Additionally, they exfiltrate sensitive personally identifiable information (PII) and patient health information (PHI), threatening to release it unless a ransom is paid.
Method of Attack
To gain initial access to their victims, the Daixin actors exploit vulnerabilities in virtual private network (VPN) servers. One known instance involved exploiting an unpatched vulnerability in the target organization's VPN server. In another case, they used previously compromised credentials to access a legacy VPN server lacking multifactor authentication (MFA). The actors likely acquired VPN credentials by using a phishing email containing a malicious attachment.