MoneyMessage Ransomware Strikes First Baptist Medical Center in Dallas

Incident Date: June 19, 2024


Overview

Victim: First Baptist Medical Center

Attacker: Money Message

Location: Dallas, USA; Texas, USA

First Reported: June 19, 2024

Analysis of the MoneyMessage Ransomware Attack on First Baptist Medical Center

Victim Profile: First Baptist Medical Center

First Baptist Medical Center (FBMC) is a specialized healthcare provider located in Dallas, Texas, known for its advanced surgical procedures in various disciplines including bariatric, spine, and orthopedic surgery. As a non-profit entity, FBMC is committed to high-quality patient care, evidenced by its accreditation from The Joint Commission. Despite its prominence in surgical specialties, the center's digital infrastructure became a target, highlighting potential vulnerabilities in its cybersecurity measures.

Attack Overview

On June 20, 2024, FBMC fell victim to a ransomware attack by the MoneyMessage group, leading to the theft of 264 GB of sensitive data. The breach threatened the integrity of patient and operational data and carried an estimated revenue impact of $13.1 million. This incident underscores the critical nature of robust cybersecurity frameworks in protecting sensitive health data.

Ransomware Group: Money Message

The Money Message ransomware group, known for its stealth and sophisticated double extortion tactics, first surfaced in March 2023. The group has since targeted various organizations, using techniques that complicate detection and increase its chances of extracting ransoms. In the case of FBMC, initial access was likely gained through compromised valid accounts, exploiting weaker points in the network that were possibly linked to inadequate multi-factor authentication protocols.

Attack Penetration and Impact

The attack methodology of MoneyMessage involves deploying an encryptor that uses advanced algorithms to lock data, followed by threats of public data leakage to coerce victims into paying ransoms. For FBMC, the immediate effect was the loss of critical data and significant financial repercussions, highlighting the ongoing threat posed by such cybercriminal groups to institutions handling sensitive information.
