Ransomware Attack Hits Nuevo Hospital de Bocagrande in Cartagena
Incident Date:
September 12, 2024
Overview
Title
Ransomware Attack Hits Nuevo Hospital de Bocagrande in Cartagena
Victim
Nuevo Hospital de Bocagrande
Attacker
Lockbit3
Location
First Reported
September 12, 2024
Ransomware Attack on Nuevo Hospital de Bocagrande by LockBit
Nuevo Hospital de Bocagrande, a prominent healthcare institution in Cartagena, Colombia, has recently fallen victim to a ransomware attack orchestrated by the notorious hacking group LockBit. The attackers claim to have exfiltrated 341 GB of sensitive data and have set a ransom deadline for the 25th of September, by which the hospital must comply with their demands to avoid further data exposure or potential operational disruptions.
About Nuevo Hospital de Bocagrande
Established on January 1, 2009, Nuevo Hospital de Bocagrande (NHBG) specializes in high-complexity medical care, including surgical and cardiovascular services. The hospital employs approximately 157 individuals and generates an annual revenue of around $10 million USD. Known for its advanced medical treatments and high success rates in minimally invasive procedures, NHBG serves both local residents and international patients, making it a key player in the Caribbean region's healthcare landscape.
Vulnerabilities and Targeting
Despite its modern facilities and high standards of care, NHBG has faced mixed reviews regarding its cleanliness and overall experience. These vulnerabilities, coupled with the hospital's reliance on state-of-the-art technology, make it an attractive target for ransomware groups like LockBit. The hospital's extensive use of digital systems for patient records and medical procedures increases its susceptibility to cyberattacks.
Attack Overview
The ransomware group LockBit has claimed responsibility for the attack on NHBG via their dark web leak site. The group has exfiltrated 341 GB of sensitive data and is employing "double extortion" tactics, threatening to release the data publicly if the ransom is not paid. This attack highlights the growing trend of ransomware groups targeting healthcare institutions, which are often seen as high-value targets due to the critical nature of their services.
About LockBit
LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Known for its modular ransomware and use of RSA-2048 and AES-256 encryption algorithms, LockBit has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. The group employs "double extortion" tactics and typically demands payment in Bitcoin, ranging from several thousand to several hundred thousand dollars.
Penetration Methods
LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware also performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.