LockBit Ransomware Attack Targets Great Plains Tribal Leaders' Health Board

Incident Date:

July 19, 2024

World map

Overview

Title

LockBit Ransomware Attack Targets Great Plains Tribal Leaders' Health Board

Victim

Great Plains Tribal Leaders' Health Board

Attacker

Lockbit3

Location

Rapid City, USA

South Dakota, USA

First Reported

July 19, 2024

Ransomware Attack on Great Plains Tribal Leaders' Health Board by LockBit

Overview of the Victim

The Great Plains Tribal Leaders' Health Board (GPTLHB) is a prominent organization established in 1986, dedicated to advocating for the health and wellness of American Indian communities across South Dakota, North Dakota, Nebraska, and Iowa. Representing 18 tribal nations, GPTLHB focuses on reducing health disparities and providing essential health services, including public health education and support for tribal health initiatives. Operating from its headquarters in Rapid City, South Dakota, the organization employs approximately 88 staff members and reported providing around $858,900 in grants in 2022.

Core Functions and Services

GPTLHB operates through a multifaceted approach that includes advocacy, public health education, direct health services, and epidemiological support. The organization collaborates with various tribal health programs to provide comprehensive health resources tailored to the unique needs of tribal populations. Key areas of focus include public health advocacy, health programs, epidemiological support, direct care services, and training and education.

Attack Overview

On July 19, 2024, the Great Plains Tribal Leaders' Health Board fell victim to a ransomware attack orchestrated by the LockBit group. The extent of the data breach remains unknown at this time. LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid.

About LockBit Ransomware Group

LockBit is known for its modular ransomware that encrypts its payload until execution to hinder malware analysis and detection. It uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. The group exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. LockBit performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region.

Potential Vulnerabilities

GPTLHB, like many organizations in the healthcare sector, may have been targeted due to potential vulnerabilities such as outdated software, insufficient network segmentation, and lack of robust cybersecurity measures. The healthcare sector is particularly attractive to ransomware groups due to the sensitive nature of the data they handle and the critical need for continuous operation, which increases the likelihood of ransom payment.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.