Rhysida Ransomware Group Targets Gándara Center in Major Healthcare Cyberattack

Incident Date: July 17, 2024

Overview

Victim: Gandara Center

Attacker: Rhysida

Location: Springfield, USA; Massachusetts, USA

First Reported: July 17, 2024

Ransomware Attack on Gándara Center by Rhysida Ransomware Group

Overview of the Gándara Center

The Gándara Center, officially known as Gandara Mental Health Center, Inc., is a nonprofit organization based in Holyoke, Massachusetts. It employs approximately 300 individuals and operates over 100 locations throughout the state. The center is dedicated to promoting the well-being of culturally diverse and at-risk populations, particularly focusing on bilingual and bicultural communities. Its services include behavioral health, addiction recovery programs, youth and young adult services, and community health initiatives. The center is recognized for its culturally competent care, especially tailored to the needs of Spanish-speaking individuals and families.

Details of the Ransomware Attack

The Rhysida ransomware group has claimed responsibility for a cyberattack on the Gándara Center. The attackers have listed the center on their dark web leak site, demanding a ransom of 10 Bitcoin, approximately $650,000, with a payment deadline set for July 25th, 2024. The attack has resulted in the encryption of critical data, and the group has threatened to publish the exfiltrated information unless the ransom is paid.

About the Rhysida Ransomware Group

The Rhysida Ransomware Group emerged in May 2023 and has since targeted various sectors, including healthcare, education, and government. The group employs a double extortion technique, stealing data before encrypting it and threatening to release it publicly. Rhysida ransomware is written in C++ and uses the ChaCha20 encryption algorithm. The group typically gains initial access through phishing campaigns and leverages valid credentials to infiltrate networks. They use tools like PsExec for lateral movement and deploy the ransomware across target systems.

Potential Vulnerabilities and Penetration Methods

The Gándara Center, like many healthcare organizations, is a prime target for ransomware attacks due to the sensitive nature of the data it handles. The center's extensive network and reliance on digital records make it vulnerable to cyber threats. Rhysida likely penetrated the center's systems through phishing emails, exploiting human error to gain initial access. Once inside, they used advanced tools to enumerate the network and deploy the ransomware, encrypting critical files and demanding a ransom.
