Daixin Team Ransomware Hits Acadian Ambulance: 11M Records Stolen

Incident Date: July 22, 2024

Overview

Victim: Acadian Ambulance (US)
Attacker: Daixin
Location: Lafayette, Louisiana, USA
First Reported: July 22, 2024

Daixin Team Ransomware Attack on Acadian Ambulance: A Detailed Analysis

Overview of Acadian Ambulance

Acadian Ambulance, founded in 1971, is a leading private ambulance service headquartered in Lafayette, Louisiana. Initially created to fill a critical gap in emergency medical transportation, the company has grown to serve most of Louisiana, parts of Texas, Tennessee, and Mississippi. Acadian operates a diverse fleet of over 600 ground ambulances, helicopters, and fixed-wing aircraft, providing both emergency and non-emergency medical transportation. The company also offers services through its divisions, including Acadian Air Med, Executive Aircraft Charter Service, Acadian Total Security, National EMS Academy, and Safety Management Systems.

Company Size and Industry Standing

Acadian Ambulance employs between 1,001 and 5,000 individuals, making it a significant employer in the region. The company is recognized for its commitment to quality and innovation in emergency medical services, earning accreditations from the Commission on Accreditation of Ambulance Services (CAAS) and the Commission on Accreditation of Medical Transport Systems (CAMTS). These accolades underscore Acadian's adherence to the highest standards in prehospital medical care and transportation.

Details of the Ransomware Attack

In June 2024, Acadian Ambulance fell victim to a ransomware attack orchestrated by the Daixin Team. The breach potentially compromised the personal and health information of millions of patients. The attackers claim to have stolen 11 million records, including Social Security numbers, names, birth dates, medical records, and employee information. They demanded a $7 million ransom to prevent the data from being published, but Acadian's counteroffer of $173,000 was rejected. Despite the severity of the breach, Acadian ensured that patient care and ambulance dispatch services remained uninterrupted by promptly shutting down affected systems and activating backups.

About the Daixin Team

The Daixin Team is known for engaging in dual ransomware attacks, deploying two different ransomware variants in quick succession to increase pressure on victims. This tactic was evident in their attack on Acadian Ambulance. The group often uses sophisticated techniques to evade detection, such as abusing built-in Windows APIs for keyless encryption and process injection to execute malicious code within legitimate processes.

Potential Vulnerabilities

Acadian Ambulance's extensive digital infrastructure, which includes sensitive patient and employee data, makes it a prime target for ransomware groups like the Daixin Team. The attackers likely penetrated the company's systems through weaknesses in its network security, possibly by exploiting unpatched software or by using phishing to gain initial access.
