RansomHub Ransomware Hits Neurological Institute of Savannah

Incident Date: July 26, 2024

Overview

Title: RansomHub Ransomware Hits Neurological Institute of Savannah

Victim: Neurological Institute Of Savannah

Attacker: RansomHub

Location: Savannah, Georgia, USA

First Reported: July 26, 2024

RansomHub Ransomware Attack on Neurological Institute of Savannah

Overview of the Neurological Institute of Savannah

The Neurological Institute of Savannah, also known as the Neurosurgical & Spine Institute, is a leading healthcare facility located at 4 E. Jackson Blvd, Savannah, GA. Specializing in neurology and neurosurgery, the institute is renowned for its comprehensive approach to diagnosing and treating a wide range of neurological disorders. The institute's team includes board-certified neurosurgeons and neurologists who manage conditions such as Parkinson's disease, Alzheimer's disease, epilepsy, migraines, multiple sclerosis, and stroke therapy. Equipped with state-of-the-art technology, the institute emphasizes patient education and support, fostering an environment of trust and confidence.

Details of the Ransomware Attack

The Neurological Institute of Savannah has recently fallen victim to a ransomware attack orchestrated by the RansomHub hacker group. The attackers infiltrated the institute's network and monitored its operations for an extended period. Although they did not encrypt the network, they exfiltrated hundreds of gigabytes of sensitive data, including private patient information, employee details, and personally identifiable information (PII). RansomHub has threatened to leak this data publicly if its demands are not met, which could severely damage the institute's reputation and lead to legal action from affected patients. The hackers have provided a sample of the stolen data as proof and are urging the institute to appoint a negotiator to discuss terms.

About RansomHub

RansomHub is a relatively new ransomware group that has emerged in the cyber threat landscape. Believed to have roots in Russia, RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare-related institutions being among the listed victims. RansomHub's ransomware strains are written in Golang, a language choice that may indicate future trends in ransomware development.

Penetration and Vulnerabilities

RansomHub distinguishes itself by making claims and backing them up with data leaks. The group likely penetrated the Neurological Institute of Savannah's systems through sophisticated phishing attacks or by exploiting vulnerabilities in the institute's network security. The healthcare sector is particularly vulnerable to such attacks due to the high value of patient data and the critical nature of healthcare services, which often leads to a higher likelihood of ransom payments.
