LockBit Ransomware Attack Breaches Sensitive Data at As-Salam International Hospital

Incident Date: July 19, 2024

Overview

Victim

As-Salam International Hospital

Attacker

Lockbit3

Location

Cairo, Egypt

First Reported

July 19, 2024

LockBit Ransomware Attack on As-Salam International Hospital

Overview of As-Salam International Hospital

As-Salam International Hospital (ASSIH), established in 1982 and located in Cairo, Egypt, is a prominent tertiary care facility recognized for its comprehensive medical services and advanced healthcare technologies. Operating under the Alameda Healthcare Group, the hospital aims to enhance private healthcare in Egypt and the broader MENA region. Accredited by the Joint Commission International (JCI), ASSIH is committed to high-quality healthcare standards. The hospital offers a wide range of medical services across more than 30 specialties, catering to both inpatient and outpatient needs. It employs over 700 physicians and 400 nurses, and has a capacity of over 400 beds.

Details of the Ransomware Attack

As-Salam International Hospital has recently fallen victim to a ransomware attack orchestrated by the LockBit group. The cybercriminals have reportedly exfiltrated a significant amount of sensitive information, including medical records, patient diagnoses, financial data, and other critical data. The attackers have set a ransom deadline for July 26, 2024, by which they demand payment to prevent the release or further exploitation of the stolen information. This attack has left the hospital grappling with the dual challenge of securing its systems and mitigating the potential fallout from this breach.

About LockBit Ransomware Group

LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The ransomware uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and demands payment in Bitcoin.

Potential Vulnerabilities and Penetration Methods

LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. It performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper. The hospital's extensive digital infrastructure and the sensitive nature of its data make it a prime target for such sophisticated ransomware attacks.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.