KillSec Ransomware Attack on Medisetter: Impact and Analysis

Incident Date: August 28, 2024

Overview

Title: KillSec Ransomware Attack on Medisetter: Impact and Analysis

Victim: Medisetter

Attacker: KillSec

Location: Hồ Chí Minh, Vietnam

First Reported: August 28, 2024

Ransomware Attack on Medisetter by KillSec: A Detailed Analysis

Medisetter, Vietnam's largest multichannel digital network dedicated to healthcare practitioners (HCPs), has recently fallen victim to a ransomware attack orchestrated by the notorious group known as KillSec. The attack targeted the website medisetter.com and lasted for 20 hours, 23 minutes, and 28 seconds, resulting in unauthorized access to sensitive client data.

About Medisetter

Founded in 2019, Medisetter is a digital platform focused on connecting healthcare practitioners in developing countries, particularly Vietnam, with global healthcare insights and professional development opportunities. The company aims to reduce disparities in healthcare quality by fostering peer-to-peer knowledge exchange and continuing medical education (CME) among medical professionals. Medisetter operates Vietnam's largest multichannel digital community for doctors and medical students, which is particularly valuable in resource-constrained environments where access to continuing education may be limited.

Medisetter distinguishes itself through its comprehensive digital engagement solutions tailored for pharmaceutical and medical device companies. These solutions include scientific detailing, corporate brand-building, and market research, utilizing various digital formats such as webinars, video tutorials, and e-learning programs. The company has built a network comprising over 16,000 users, growing at a rate of approximately 15% month-on-month.

Attack Overview

The ransomware attack on Medisetter was executed by KillSec, a group known for targeting various industries and countries. During the attack, KillSec gained unauthorized access to sensitive client data, including the names, emails, phone numbers, cities, work addresses, specialty types, and districts of doctors and students. The attackers are demanding a ransom of $5,000, to be paid through a specified link.

About KillSec

KillSec, also known as Kill Security, is a ransomware group that has been active in targeting various sectors, including government, manufacturing, defense, professional services, banking, and finance. The group uses a variety of communication channels such as Telegram, Session Messenger, and Tox, and demands ransom payments in Monero (XMR) cryptocurrency. KillSec is known for its extensive targeting and significant extortion amounts, ranging from 1,500 EUR to 10,000 EUR.

Penetration and Vulnerabilities

While the exact method of penetration used by KillSec in the Medisetter attack is not disclosed, it is likely that the group exploited vulnerabilities in the company's digital infrastructure. Given Medisetter's extensive digital engagement and large user base, the platform may have been an attractive target for ransomware attacks. The lack of a decryptor for KillSec's ransomware further complicates recovery efforts, making it crucial for organizations to implement effective cybersecurity measures.
