Ransomware Attack Disrupts Goodless Dermatology Operations

Incident Date: August 31, 2024

Overview

Title: Ransomware Attack Disrupts Goodless Dermatology Operations
Victim: Goodless Dermatology
Attacker: Black Suit
Location: Orlando, USA; Florida, USA
First Reported: August 31, 2024

Ransomware Attack on Goodless Dermatology by BlackSuit Group

Goodless Dermatology, a prominent dermatology practice located in Orlando and Celebration, Florida, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group known as BlackSuit. The attack has significantly disrupted the clinic's operations, compromising critical directories and files within the company's network.

About Goodless Dermatology

Goodless Dermatology is a well-established practice specializing in a comprehensive array of dermatological services, including medical, cosmetic, and pediatric dermatology. The clinic is particularly noted for its expertise in pediatric dermatology, catering to the skincare needs of infants, children, and adolescents. Led by Dr. Dean Goodless, a Fellow of the American Academy of Dermatology, the practice has been recognized as a "Top Doctor" by Castle Connolly for 15 consecutive years. The clinic generates an annual revenue of $5.3 million and is known for its commitment to patient care and personalized treatment plans.

Attack Overview

The ransomware attack was identified on July 16, 2023, at approximately 8:48 AM. The cybercriminal group BlackSuit has claimed responsibility for the attack via their dark web leak site. The attack has compromised various critical directories and files, including user documents, administration files, billing information, biologic data, and more. In total, 36,049 files amounting to 75,423,820,072 bytes were affected, with 6,497 directories impacted. The attack has left 10,804,227,952,640 bytes of free space on the system, indicating significant data loss and operational disruption.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication. Researchers have found a high degree of similarity between BlackSuit and Royal ransomware, suggesting that BlackSuit may be a new variant developed by the same authors or an affiliate of the Royal ransomware gang.
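
A read-only triage example for the artefacts described above, added here and not code from the tracker, the victim or any vendor: it walks a directory tree, matches the .blacksuit extension and the README.BlackSuit.txt note name given in this write-up, and totals affected directories, files and bytes. The function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import os, tempfile

NOTE_NAME = "readme.blacksuit.txt"  # ransom note name from the write-up, lowercased
ENC_EXT = ".blacksuit"              # extension the write-up says is appended

def triage(root):
    """Map each affected directory (relative to root) to what was found in it."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        note, enc, size = False, 0, 0
        for name in files:
            low = name.lower()  # assumption: match case-insensitively, as on Windows
            if low == NOTE_NAME:
                note = True
            elif low.endswith(ENC_EXT):
                enc += 1
                size += os.lstat(os.path.join(dirpath, name)).st_size
        if note or enc:
            hits[os.path.relpath(dirpath, root)] = {
                "note": note, "encrypted": enc, "bytes": size}
    return hits

def summarise(hits):
    # Totals for an incident record, plus directories that need manual review.
    return {
        "dirs_affected": len(hits),
        "files_encrypted": sum(h["encrypted"] for h in hits.values()),
        "bytes_encrypted": sum(h["bytes"] for h in hits.values()),
        # Encrypted files but no note differs from the behaviour described above.
        "dirs_without_note": sorted(
            d for d, h in hits.items() if h["encrypted"] and not h["note"]),
    }

def build_sample(root):
    """Constructed sample tree (not data from the incident)."""
    layout = {
        "billing/invoice.xlsx.blacksuit": b"x" * 10,
        "billing/README.BlackSuit.txt": b"constructed placeholder",
        "admin/plan.docx.BLACKSUIT": b"y" * 5,
        "clean/notes.txt": b"untouched",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarise(triage(tmp)))
```

Run it against a mounted forensic image or a restored snapshot rather than a live host, so the walk does not alter timestamps on evidence.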

Vulnerabilities and Penetration

Goodless Dermatology's extensive use of digital records and sensitive patient data makes it a prime target for ransomware attacks. The clinic's reliance on electronic health records (EHR) and other digital systems for patient management and billing could have provided multiple entry points for the ransomware. The exact method of penetration remains unclear, but common vectors include phishing emails, compromised Remote Desktop Protocol (RDP) access, and vulnerabilities in unpatched software.
