Qilin Group Ransomware Attack on Dr. Charles A. Evans

Incident Date: May 11, 2024

Overview

Title: Qilin Group Ransomware Attack on Dr. Charles A. Evans
Victim: Dr Charles A Evans
Attacker: Qilin
Location: Bethpage, USA; New York, USA
First Reported: May 11, 2024

Ransomware Attack on Dr. Charles A. Evans by Qilin Group

Overview

The Charles A. Evans website was targeted in a cyber attack by the group known as Qilin. The attack involved ransomware, and 2.7 GB of sensitive data, including financial records, confidential documents, and passports, was stolen. Although no specific ransom demand was issued, the attacker published the stolen data online, endangering Dr. Evans' privacy and security and potentially leading to serious consequences.

Victim Profile

Dr. Charles A. Evans is associated with the Charles Evans Center (CEC) Health Care, a healthcare organization dedicated to improving the well-being and quality of life for medically underserved individuals. The organization offers high-quality medical, dental, and behavioral health care services at an affordable cost, with a focus on patient-centered care, cultural sensitivity, and multilingual services.

Company Size and Industry Standing

The center operates in the Healthcare Services sector and has multiple locations in Nassau and Suffolk County, providing various services including mental health and chemical dependency clinics. The organization's commitment to patient-centered care, cultural sensitivity, affordability, and multilingual services sets it apart in the industry, catering to underrepresented populations and striving to meet the unique healthcare needs of each patient.

Vulnerabilities and Targeting

Because it provides essential healthcare services to underserved individuals and handles sensitive data, the Charles Evans Center may have been targeted by threat actors like the Qilin ransomware group. The organization's multilingual services and cultural sensitivity could have made it a prime target for cybercriminals looking to exploit potential vulnerabilities in its systems.

Ransomware Group Overview

The Qilin ransomware group, also known as Agenda, is a prominent ransomware-as-a-service (RaaS) group that targets critical infrastructure organizations worldwide, including healthcare services. The group employs a double extortion technique, encrypting victims' data and exfiltrating sensitive information to demand payment for decryption and threaten data exposure even after ransom payment.

Technical Details

Qilin ransomware is highly customizable and is written in the Rust and Go programming languages to evade detection. The group reaches victims through phishing emails containing malicious links, then moves laterally across the victim's infrastructure to encrypt essential data. Qilin has targeted organizations in various countries and pays out a significant portion of its earnings to affiliates, making it a notable emerging ransomware threat.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.