Ransomware Attack on Texas Therapy Council by Hunters International

Incident Date: July 25, 2024

Overview

Title: Ransomware Attack on Texas Therapy Council by Hunters International

Victim: Physical & Occupational Therapy Examiners of Texas

Attacker: Hunters International

Location: Austin, USA; Texas, USA

First Reported: July 25, 2024

Ransomware Attack on ECPTOTE by Hunters International

Overview of the Victim: ECPTOTE

The Executive Council of Physical Therapy and Occupational Therapy Examiners (ECPTOTE) is a regulatory body in Texas responsible for overseeing the practice of physical therapy and occupational therapy. The council supports two main boards: the Texas Board of Physical Therapy Examiners (TBPTE) and the Texas Board of Occupational Therapy Examiners (TBOTE). ECPTOTE ensures that practitioners are properly licensed, regulates the profession, and promotes public safety initiatives. The council oversees approximately 12,660 licensed occupational therapists and 6,935 licensed occupational therapy assistants in Texas.

Attack Details

Hunters International, a ransomware group, has claimed responsibility for a cyberattack on ECPTOTE. The group reportedly exfiltrated 139.1 GB of data, encompassing 195,822 files, including sensitive military information. This breach underscores the increasing threat of ransomware attacks on critical institutions and the severe implications of data theft.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the Hive ransomware group. The group's ransomware code contains significant overlap with Hive, indicating a shared technical lineage. Hunters International focuses on exfiltrating data and extorting victims for ransom. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Vulnerabilities

Weaknesses at ECPTOTE that Hunters International may have exploited include outdated software, insufficient employee training on phishing attacks, and a lack of multi-factor authentication. The ransomware group likely penetrated ECPTOTE's systems through phishing emails or by exploiting unpatched software vulnerabilities, which allowed it to exfiltrate a substantial amount of sensitive data.

Impact and Implications

The ransomware attack on ECPTOTE has significant implications, including potential financial losses, reputational damage, and the risk of sensitive data being exposed or sold on the dark web. The inclusion of sensitive military information in the stolen data further exacerbates the severity of the breach, highlighting the critical need for robust cybersecurity measures in regulatory bodies and other critical institutions.
