Greene Acres Nursing Home Hit by Rhysida Ransomware Attack

Incident Date:

September 20, 2024

World map

Overview

Title

Greene Acres Nursing Home Hit by Rhysida Ransomware Attack

Victim

Greene Acres Nursing Home

Attacker

Rhysida

Location

Paragould, USA

Arkansas, USA

First Reported

September 20, 2024

Ransomware Attack on Greene Acres Nursing Home by Rhysida

Greene Acres Nursing Home, a prominent non-profit facility located in Paragould, Arkansas, has fallen victim to a ransomware attack orchestrated by the Rhysida ransomware group. The attackers have claimed responsibility for the breach and are demanding a ransom of 10 Bitcoin, approximately $635,000, with a deadline set for September 27th.

About Greene Acres Nursing Home

Greene Acres Nursing Home is a well-established non-profit organization dedicated to providing comprehensive rehabilitation and long-term care services. With over fifty years of experience, the facility is recognized for its commitment to the holistic needs of its residents, emphasizing both medical and emotional support. The nursing home has a capacity of 143 beds and offers skilled nursing care, physical, occupational, and speech therapy, as well as various social engagement activities to promote resident interaction and well-being.

Attack Overview

The Rhysida ransomware group has claimed responsibility for the attack on Greene Acres Nursing Home via their dark web leak site. The attackers have reportedly breached the organization's data and are demanding a ransom to prevent the public release of the stolen information. The attack has raised significant concerns about the security of sensitive patient data and the operational impact on the facility.

About Rhysida Ransomware Group

The Rhysida ransomware group emerged in May 2023 and has since targeted various sectors, including healthcare, education, manufacturing, and government. The group employs a double extortion technique, stealing data before encrypting it and threatening to publish the information unless a ransom is paid. Rhysida ransomware is written in C++ and uses the ChaCha20 encryption algorithm. The group typically deploys the ransomware through phishing campaigns and leverages valid credentials to establish network connections.

Penetration and Vulnerabilities

While the exact method of penetration in the Greene Acres Nursing Home attack is not yet confirmed, Rhysida commonly uses phishing campaigns to gain initial access. The group then employs tools like Advance IP/Port Scanner and Sysinternals PsExec to move laterally within the network. The vulnerabilities in healthcare facilities, such as outdated software and insufficient cybersecurity measures, make them attractive targets for ransomware groups like Rhysida.

Impact on Greene Acres Nursing Home

The ransomware attack on Greene Acres Nursing Home has significant implications for the facility. The potential exposure of sensitive patient data could lead to severe privacy violations and legal repercussions. Additionally, the operational disruption caused by the attack may hinder the facility's ability to provide essential care services, affecting the well-being of its residents.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.