LockBit attacks Heidell, Pittoni, Murphy & Bach

Incident Date:

May 15, 2022

Overview

Victim

Heidell, Pittoni, Murphy & Bach

Attacker

LockBit

Location

Bridgeport, USA

Connecticut, USA

First Reported

May 15, 2022

Cyberattack on HPMB's Systems: A Detailed Account

“On or about November 22, 2021, an attacker exploited vulnerabilities in HPMB’s Hybrid Exchange Management Server to gain access to HPMB’s systems. The vulnerabilities the attacker exploited had been identified by Microsoft several months earlier—in April and May 2021—and Microsoft had released patches for the software vulnerabilities around the same time. HPMB did not timely apply the patch for these vulnerabilities, rendering the server vulnerable to the attack.

On or around December 25, 2021, the attacker deployed the Lockbit ransomware variant on HPMB’s systems using PSExec. HPMB personnel were alerted to this intrusion on December 25, when HPMB received an internal alert relating to syncing errors. HPMB subsequently identified encryption on its network consistent with a ransomware attack.

In response to the attack, HPMB disconnected its servers from the internet and hired a forensic cybersecurity firm to conduct a forensic investigation. The forensic firm engaged in discussions with the attackers, who provided the forensic firm a list of tens of thousands of files the attackers claimed to have exfiltrated from HPMB’s systems. This list included legal pleadings, patient lists, and medical records that HPMB had in its possession in connection with litigation matters.

The forensic firm identified evidence that the listed files had been staged and exfiltrated from HPMB’s systems. HPMB subsequently paid $100,000 in ransom in exchange for the return and promised deletion of the exfiltrated data but was not provided evidence the data was deleted.”

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.