Ransomcortex Ransomware Attack Compromises Instituto Respirar Londrina Data

Incident Date: July 12, 2024

Overview

Victim: Instituto Respirar Londrina

Attacker: Ransomcortex

Location: Londrina, Brazil

First Reported: July 12, 2024

Ransomcortex Ransomware Attack on Instituto Respirar Londrina

Overview of Instituto Respirar Londrina

Instituto Respirar Londrina, established on May 1, 2019, is a multidisciplinary healthcare facility in Londrina, Brazil, specializing in respiratory medicine. The institute focuses on the prevention, diagnosis, treatment, and management of respiratory diseases, infectious diseases, and thoracic surgery. With a team of 6-10 employees, the institute generates annual revenue between $1M and $5M. Its services include pulmonology, sleep studies, infectious disease management, bronchoscopy, and plethysmography. The institution is known for its patient-centered care and its significant impact on the community by providing specialized healthcare services.

Details of the Ransomware Attack

The ransomware group Ransomcortex has claimed responsibility for a cyberattack on Instituto Respirar Londrina. The attackers targeted the hospital's digital infrastructure, encrypting 90GB of critical data. This data includes sensitive financial documents such as "REPASSE_DOS_S_CIOS_JULHO_2623.x1sx" and "Controle Conta Corrente DRA. FATIMA CHIBANA_.x1sx". The breach has severely compromised the security and accessibility of important operational and financial information, posing significant challenges to the hospital's functionality and patient care services.

Ransomcortex: Modus Operandi and Distinguishing Features

Ransomcortex is a ransomware group that exclusively targets healthcare facilities, recognizing the high value of healthcare data. This data is often exploited for financial fraud, extortion, and sale on online black markets. The group operates a dark web leak site where they recruit individuals for various tasks, including making ransom payments and gathering intelligence. Ransomcortex uses encryption software from third-party sources and does not offer Ransomware as a Service (RaaS). They avoid targeting specific nations and companies that have previously paid ransoms.

Potential Vulnerabilities and Penetration Methods

Healthcare facilities like Instituto Respirar Londrina are particularly vulnerable to ransomware attacks due to the high value of their data and the critical nature of their services. Potential vulnerabilities include outdated software, lack of robust cybersecurity measures, and insufficient employee training on phishing and other cyber threats. Ransomcortex could have penetrated the hospital's systems through phishing emails, exploiting software vulnerabilities, or using compromised credentials.
