Medusa Ransomware Strikes Harry Perkins Medical Institute

Incident Date:

July 7, 2024


Overview

Title

Medusa Ransomware Strikes Harry Perkins Medical Institute

Victim

Harry Perkins Institute of Medical Research

Attacker

Medusa

Location

Nedlands, Australia

First Reported

July 7, 2024

Analysis of the Medusa Ransomware Attack on Harry Perkins Institute of Medical Research

Victim Profile: Harry Perkins Institute of Medical Research

The Harry Perkins Institute of Medical Research, established in 1998 and located in Western Australia, is a premier adult medical research institute. With over 250 researchers, the institute operates across three research facilities co-located with major teaching hospitals. As a registered charity, the institute is renowned for its groundbreaking research in diseases such as cancer, heart disease, and neurological disorders. Its focus on translating scientific discoveries into clinical applications sets it apart in the medical research field.

Vulnerabilities and Target Appeal

The institute's significant data repositories, containing sensitive research data and personal information, make it an attractive target for cybercriminals. The integration of its systems with hospitals and the reliance on digital platforms for data sharing and storage potentially increase its cybersecurity risk exposure. These factors, combined with the healthcare sector's known vulnerabilities to ransomware due to the critical nature of its services, likely contributed to making the Perkins Institute a target for the Medusa ransomware group.

Attack Overview

The Medusa ransomware group has claimed responsibility for a ransomware attack on the Harry Perkins Institute of Medical Research. The attack compromised the institute's internal servers, leading to an operational disruption and the exfiltration of 4.6 TB of internal camera recordings. The group has demanded a ransom of $500,000, threatening to increase the ransom amount daily by $10,000 if their demands are not met by July 12. The institute is currently working with cybersecurity experts and law enforcement to manage the incident and mitigate any further risks.

Medusa Ransomware Group Profile

Emerging in late 2022, the Medusa ransomware group operates as a Ransomware-as-a-Service (RaaS) platform, allowing affiliates to deploy its ransomware in targeted attacks. The group is known for its aggressive tactics, including disabling shadow copies and killing numerous applications to evade detection. Medusa's recent activities have shown a capability to orchestrate large-scale breaches, targeting various sectors globally with demands often reaching into the hundreds of thousands to millions of dollars.

Potential Penetration Techniques

While the specific penetration method used in the attack on the Perkins Institute has not been disclosed, Medusa's known tactics include phishing, exploitation of unpatched vulnerabilities, and possibly the compromise of third-party services. The group's sophistication suggests it may operate in the manner of an advanced persistent threat (APT), gaining a foothold through seemingly benign means and escalating its access quietly over time.

Sources:

Recent Ransomware Attacks
