RansomExx Ransomware Breach Exposes Over 568,000 NURSING.com Users
Incident Date:
August 3, 2024
Overview
Title
RansomExx Ransomware Breach Exposes Over 568,000 NURSING.com Users
Victim
NURSING.com
Attacker
Ransomexx
Location
First Reported
August 3, 2024
RansomExx Ransomware Attack on NURSING.com
NURSING.com, a prominent educational platform supporting over 450,000 nursing students and professionals, has been targeted by the notorious ransomware group RansomExx. This attack has compromised sensitive user data, posing significant risks to the privacy and security of its users.
About NURSING.com
NURSING.com is an online platform designed to aid nursing students in their educational journey and preparation for the NCLEX® exam. The platform offers a variety of resources, including structured courses, study plans, practice questions, and the SIMCLEX®, a simulated NCLEX exam. NURSING.com is particularly beneficial for visual learners and students with conditions such as ADHD, dyslexia, and anxiety. The platform boasts a high NCLEX® pass rate of 99.25% and is trusted by over 450,000 users.
Attack Overview
The ransomware attack by RansomExx has resulted in the compromise of a significant amount of user data. The attackers have leaked a database containing information on 568,221 users, including email addresses, passwords, and other personal details. This breach threatens the platform's self-paced learning model, which allows students to access materials and track their progress online at any time.
About RansomExx
RansomExx, also known as Sprite Spider, is a ransomware group active since 2018. The group targets both Windows and Linux environments, employing sophisticated techniques such as compromised remote desktop protocol, phishing campaigns, and exploiting vulnerabilities. RansomExx is known for its "double extortion" tactic, where stolen data is published on their dark web leak site if the ransom is not paid. High-profile victims of RansomExx include the Texas Department of Transportation, Gigabyte, and Ferrari.
Penetration Methods
RansomExx likely penetrated NURSING.com's systems through a combination of phishing campaigns and exploiting vulnerabilities in the platform's security infrastructure. The group's use of tools like Pyxie, Cobalt Strike, and Vatet for post-compromise activities further facilitated the infiltration and spread within the target network.
Impact on NURSING.com
The attack has severely impacted NURSING.com, compromising the trust and security of its users. The leaked data poses a significant risk to the privacy of nursing students and professionals who rely on the platform for their educational needs. The breach underscores the importance of strong cybersecurity measures to protect sensitive information in the education sector.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.