Monti Group Ransomware Attack Targets Excelsior Orthopaedics' Critical Data

Incident Date: July 9, 2024


Overview

Title: Monti Group Ransomware Attack Targets Excelsior Orthopaedics' Critical Data

Victim: Excelsior Orthopaedics

Attacker: Monti

Location: Orchard Park, USA; New York, USA

First Reported: July 9, 2024

Ransomware Attack on Excelsior Orthopaedics by Monti Group

Overview of Excelsior Orthopaedics

Excelsior Orthopaedics, headquartered in Amherst, New York, is a leading provider of comprehensive orthopedic and sports medicine services. Formed in 2002 through the merger of Amherst-Tonawanda Orthopaedics and Western New York Orthopaedic Group, the organization boasts a workforce of 516 employees and reported revenue of $73 million. The practice specializes in diagnosing and treating a wide range of musculoskeletal conditions, offering both surgical and non-surgical treatment options. Their commitment to advanced, personalized care and patient education sets them apart in the healthcare sector.

Details of the Ransomware Attack

Excelsior Orthopaedics has reportedly fallen victim to a ransomware attack by the Monti group, a known cybercriminal entity. The attackers claim to have seized critical data from the organization and have threatened to release it publicly by July 16, 2024, if their demands are not met. Attempts to access Excelsior Orthopaedics' official website have been unsuccessful, leading to speculation about the severity of the attack. The website's downtime could be related to the ransomware incident or might be due to unrelated technical issues. Confirmation and further details are pending an official statement from Excelsior Orthopaedics.

Profile of the Monti Ransomware Group

The Monti group resurfaced after a two-month hiatus, targeting high-value sectors such as legal, financial services, and healthcare. Initially inspired by the Conti ransomware group, Monti has developed a new Linux-based ransomware variant with only a 29% similarity to Conti. This variant employs a distinct encryptor, enhancing its ability to evade detection. Monti distinguishes itself by claiming to highlight security vulnerabilities within company networks and threatening non-compliant companies with exposure on their data leak site's "Wall of Shame."

Potential Vulnerabilities

Healthcare organizations like Excelsior Orthopaedics are particularly vulnerable to ransomware attacks due to the sensitive nature of the data they handle. The Monti group likely penetrated Excelsior Orthopaedics' systems through sophisticated phishing attacks or by exploiting unpatched software vulnerabilities. The organization's commitment to advanced medical practices and patient-centered services makes it a high-value target for cybercriminals seeking to exploit critical data for financial gain.
