RansomHub Ransomware Attack Exposes Sensitive Data at Brazilian Obesity Institute

Incident Date: August 19, 2024

Overview

Victim: The Minas Gerais Institute of Obesity

Attacker: RansomHub

Location: Belo Horizonte, Brazil

First Reported: August 19, 2024

RansomHub Targets The Minas Gerais Institute of Obesity in Ransomware Attack

The Minas Gerais Institute of Obesity (IMOBESIDADE), a prominent healthcare provider in Brazil, has recently fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 6 GB of sensitive data, including personally identifiable information (PII), and have threatened to release the compromised data within the next 6-7 days if their demands are not met.

About The Minas Gerais Institute of Obesity

IMOBESIDADE, located in Belo Horizonte, Minas Gerais, is a significant entity focused on addressing obesity and its related health implications in Brazil. The institute specializes in the treatment and management of obesity through a multidisciplinary approach, offering services such as medical consultations, nutritional counseling, psychological support, and surgical interventions. What sets IMOBESIDADE apart is its comprehensive and integrated approach, bringing together specialists from various fields to provide personalized care plans for patients.

Vulnerabilities and Targeting

As a healthcare provider, IMOBESIDADE handles a vast amount of sensitive patient data, making it an attractive target for ransomware groups like RansomHub. The institute's reliance on digital platforms for weight management and patient care increases its vulnerability to cyberattacks. The attack on IMOBESIDADE underscores the critical need for enhanced cybersecurity measures in the healthcare sector, which is frequently targeted due to the high value of the data it holds.

Attack Overview

RansomHub has claimed responsibility for the attack via their dark web leak site, asserting that they have exfiltrated 6 GB of sensitive data from IMOBESIDADE. The group has given the institute a 6-7 day ultimatum to meet their demands, failing which they will release the data, putting the privacy and security of the institute's patients and staff at significant risk.

About RansomHub

RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub distinguishes itself by making claims and backing them up with data leaks. The group’s ransomware strains are written in Golang, a language choice that is becoming increasingly popular among ransomware developers. RansomHub's operations involve affiliates who receive 90% of the ransom money, with the remaining 10% going to the main group.

Penetration Methods

While the specific method RansomHub used to penetrate IMOBESIDADE's systems has not been disclosed, common tactics include phishing emails, exploiting software vulnerabilities, and leveraging weak security protocols. The use of Golang in their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures.
