Everest Ransomware Strikes Pureform Radiology in Alberta
Incident Date:
September 23, 2024
Overview
Title
Everest Ransomware Strikes Pureform Radiology in Alberta
Victim
Pureform Radiology Center
Attacker
Everest
Location
First Reported
September 23, 2024
Everest Ransomware Group Targets Pureform Radiology Center
Pureform Radiology Center, a prominent diagnostic imaging provider in Calgary and Airdrie, Alberta, has fallen victim to a ransomware attack orchestrated by the notorious Everest ransomware group. This incident highlights the increasing vulnerability of healthcare providers to cyber threats, with potential repercussions for patient data security and service delivery.
About Pureform Radiology Center
Pureform Radiology Center is a community-focused diagnostic imaging provider specializing in services such as X-rays, ultrasounds, mammography, and bone mineral densitometry. Established in 2008, Pureform was the first community provider of digital mammography in Calgary. The center operates under the brand PureKids Radiology for pediatric services, emphasizing a comforting environment for young patients. With a team of over fourteen radiologists, Pureform is known for its commitment to high-quality patient care and accessibility, with services fully covered by Alberta Health Care.
Details of the Ransomware Attack
The Everest ransomware group has claimed responsibility for the attack on Pureform Radiology Center, as announced on their dark web leak site. The attack has reportedly compromised the center's operational capabilities, potentially affecting patient data and service delivery. Everest is known for its sophisticated encryption methods, which likely rendered critical systems inaccessible until a ransom is paid. This attack underscores the growing threat of ransomware to healthcare providers, which can have severe implications for patient care and data security.
Profile of the Everest Ransomware Group
Active since December 2020, the Everest ransomware group is notorious for its involvement in ransomware attacks, data exfiltration, and initial access brokering. The group targets organizations across various industries, with a particular focus on the healthcare sector. Everest employs a combination of compromised user accounts and Remote Desktop Protocol for lateral movement, using AES and DES algorithms to encrypt files. The group has been linked to other ransomware entities, such as BlackByte, and is known for its high ransom demands.
Potential Vulnerabilities and Penetration Tactics
Healthcare providers like Pureform Radiology Center are increasingly targeted by ransomware groups due to the critical nature of their services and the sensitive data they handle. The Everest group may have penetrated Pureform's systems through compromised user accounts or vulnerabilities in remote access protocols. The attack highlights the need for comprehensive cybersecurity measures in the healthcare sector to protect against such sophisticated threats.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.