RansomHub Ransomware Strikes Rocky Mountain Gastroenterology
Incident Date:
September 28, 2024
Overview
Title
RansomHub Ransomware Strikes Rocky Mountain Gastroenterology
Victim
Rocky Mountain Gastroenterology
Attacker
Ransomhub
Location
First Reported
September 28, 2024
RansomHub Ransomware Group Targets Rocky Mountain Gastroenterology
Rocky Mountain Gastroenterology (RMG), a leading healthcare provider in the Denver, Colorado area, has fallen victim to a ransomware attack orchestrated by the notorious RansomHub group. The attackers claim to have exfiltrated 200 GB of sensitive data, threatening to release it publicly within the next 1-2 days.
About Rocky Mountain Gastroenterology
RMG, officially known as Rocky Mountain Gastroenterology Associates PLLC, is the largest gastroenterology group in the Rocky Mountain region. Founded in 1996, the organization operates 15 offices and six state-of-the-art Endoscopy Centers throughout Colorado. With a workforce of 201 to 500 employees, RMG performs nearly 30,000 procedures annually, specializing in a wide range of gastrointestinal services. The practice is renowned for its commitment to quality care and cost-effective services, often providing procedures at a fraction of hospital costs.
Attack Overview
The RansomHub ransomware group, known for its aggressive tactics and sophisticated operations, has claimed responsibility for the attack on RMG. The group has a reputation for targeting high-value sectors, including healthcare, due to the critical nature of operations and the sensitivity of data involved. RansomHub's modus operandi involves double extortion, where they encrypt data and exfiltrate sensitive information to leverage ransom demands.
RansomHub's Distinctive Approach
RansomHub distinguishes itself through its Ransomware-as-a-Service (RaaS) model, which allows affiliates to conduct attacks using its sophisticated ransomware. The group employs advanced techniques such as intermittent encryption and Curve 25519 elliptic curve encryption, making it a formidable threat. RansomHub's affiliates often exploit vulnerabilities in unpatched systems and use phishing campaigns to gain initial access, followed by lateral movement and data exfiltration.
Potential Vulnerabilities
RMG's extensive network and reliance on digital systems for patient care and data management may have made it an attractive target for RansomHub. The healthcare sector's critical operations and valuable data make it particularly vulnerable to ransomware attacks. RMG's commitment to cost-effective services and extensive affiliations with local hospitals may have inadvertently increased its exposure to cyber threats.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.