Ransomware Attack on Goodless Dermatology by BlackSuit Group

Goodless Dermatology, a prominent dermatology practice located in Orlando and Celebration, Florida, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group known as BlackSuit. The attack has significantly disrupted the clinic's operations, compromising critical directories and files within the company's network.

About Goodless Dermatology

Goodless Dermatology is a well-established practice specializing in a comprehensive array of dermatological services, including medical, cosmetic, and pediatric dermatology. The clinic is particularly noted for its expertise in pediatric dermatology, catering to the skincare needs of infants, children, and adolescents. Led by Dr. Dean Goodless, a Fellow of the American Academy of Dermatology, the practice has been recognized as a "Top Doctor" by Castle Connolly for 15 consecutive years. The clinic generates an annual revenue of $5.3 million and is known for its commitment to patient care and personalized treatment plans.

Attack Overview

The ransomware attack was identified on July 16, 2023, at approximately 8:48 AM. The cybercriminal group BlackSuit has claimed responsibility for the attack via their dark web leak site. The attack has compromised various critical directories and files, including user documents, administration files, billing information, biologic data, and more. In total, 36,049 files amounting to 75,423,820,072 bytes were affected, with 6,497 directories impacted. The attack has left 10,804,227,952,640 bytes of free space on the system, indicating significant data loss and operational disruption.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication. Researchers have found a high degree of similarity between BlackSuit and Royal ransomware, suggesting that BlackSuit may be a new variant developed by the same authors or an affiliate of the Royal ransomware gang.

Vulnerabilities and Penetration

Goodless Dermatology's extensive use of digital records and sensitive patient data makes it a prime target for ransomware attacks. The clinic's reliance on electronic health records (EHR) and other digital systems for patient management and billing could have provided multiple entry points for the ransomware. The exact method of penetration remains unclear, but common vectors include phishing emails, compromised remote desktop protocols (RDP), and vulnerabilities in unpatched software.

• Goodless Dermatology - About Us
• Security Affairs - BlackSuit Similar to Royal Ransomware
• Bleeping Computer - The Week in Ransomware
• Yelp - Goodless Dermatology Orlando
• ZoomInfo - Goodless Dermatology LLC