RansomHub Strikes Baim Institute, Exfiltrates 175GB Data

Incident Date:

July 6, 2024

Overview

Victim

Baim Institute for Clinical Research

Attacker

RansomHub

Location

Boston, USA

Massachusetts, USA

First Reported

July 6, 2024

Ransomware Attack on Baim Institute for Clinical Research by RansomHub

Overview of Baim Institute for Clinical Research

The Baim Institute for Clinical Research, a non-profit organization based in Boston, Massachusetts, is known for its role in the design, management, and analysis of clinical trials, with a particular focus on cardiovascular diseases. With a workforce of between 51 and 200 employees, the institute advances medical science through rigorous clinical studies that evaluate the safety and efficacy of new treatments. Its commitment to high scientific and ethical standards makes it a crucial player in medical research, particularly in translating basic research into clinical applications that benefit patients globally.

Details of the Ransomware Attack

The Baim Institute recently fell victim to a ransomware attack orchestrated by the emerging cyber threat group RansomHub. The attackers exfiltrated approximately 175 GB of sensitive data from the institute's systems. RansomHub has set a ransom deadline of July 24th for the return of the stolen data. The incident points to significant weaknesses in the institute's cybersecurity measures, which left it exposed to this sophisticated attack.

Profile of RansomHub

RansomHub, a relatively new player in the ransomware arena, has quickly distinguished itself by targeting a variety of organizations globally. The group operates under a Ransomware-as-a-Service (RaaS) model in which affiliates retain 90% of the ransom and the remaining 10% goes to the core operators. RansomHub's choice of Golang for its ransomware development is indicative of a modern approach aimed at creating more robust and difficult-to-detect ransomware tools.

Potential Vulnerabilities and Entry Points

The Baim Institute's significant data repositories, containing valuable clinical research information, make it an attractive target for cybercriminals like RansomHub. The entry point for the ransomware could have been phishing, poor endpoint security, or inadequate network segmentation, which are common weaknesses in many organizations. The high value and sensitivity of the data the institute handles further raise its risk profile, making it a prime target for ransomware attacks.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on the hosting choices of real-world threat actors and a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.