Handala Ransomware Attack on Innovalve Bio Medical: Cybersecurity Breach Details & Impact

Incident Date: July 15, 2024

Overview

Victim: Innovalve Bio Medical

Attacker: Handala

Location: Ramat Gan, Israel

First Reported: July 15, 2024

Handala Ransomware Attack on Innovalve Bio Medical

Overview of Innovalve Bio Medical

Innovalve Bio Medical Ltd., established in 2017, is a pioneering medical device company headquartered in Ramat Gan, Israel. Specializing in catheter-delivered heart valve therapies, Innovalve focuses on Transcatheter Mitral Valve Replacement (TMVR) technology. Their flagship product, the Innostay system, is designed to provide minimally invasive solutions for patients with severe mitral regurgitation. The company operates in close collaboration with Sheba Medical Center, leveraging the expertise of leading clinicians and researchers.

Details of the Attack

On July 16, 2024, Innovalve Bio Medical discovered that it had fallen victim to a cyberattack by the Handala group. Known for its wiper attacks, Handala targeted Innovalve's sensitive data, exfiltrating 500 GB of information. The group made this data available for download via a link on their Telegram channel. Handala's note revealed that they had been monitoring Innovalve for an extended period and issued a stark warning against the acquisition of "Zionist startups." The attack resulted in a claimed $300 million net loss for Innovalve.

About Handala Group

Handala Hack is a cybercriminal organization with a pro-Palestinian agenda, known for targeting Israeli institutions and their affiliates. The group has a history of using sophisticated phishing campaigns and multi-stage loading processes to bypass security measures. Notable past attacks include breaches of Viber's source code and Israel's radar systems. Handala's tactics often involve obfuscated scripts and shellcode, making their attacks particularly challenging to defend against.

Potential Vulnerabilities

Innovalve's focus on high-stakes, innovative medical treatments makes it a prime target for cyberattacks. The company's collaboration with Sheba Medical Center and its recent acquisition by Edwards Lifesciences may have increased its visibility and attractiveness to threat actors like Handala. The attack underscores the ongoing risks faced by companies in the medical device sector, particularly those involved in cutting-edge technologies.

Penetration Methods

While the exact method of penetration in Innovalve's case remains unclear, Handala's known tactics suggest the use of sophisticated phishing campaigns and multi-stage malware loading processes. These methods likely allowed the group to infiltrate Innovalve's systems and exfiltrate sensitive data without immediate detection.
