Rhysida Ransomware Strikes Rob's Whole Health Pharmacy

Incident Date:

May 30, 2024

Overview

Title

Rhysida Ransomware Strikes Rob's Whole Health Pharmacy

Victim

Rob's Whole Health Pharmacy

Attacker

Rhysida

Location

LaSalle, Canada

First Reported

May 30, 2024

Ransomware Attack on Rob's Whole Health Pharmacy

Company Overview

Rob's Whole Health Pharmacy, located in LaSalle, Ontario, Canada, is a small family-owned pharmacy that has been serving the community for a long time. They offer a variety of health and wellness products, including prescription medications, over-the-counter medications, vitamins, supplements, and natural health products. The pharmacy is renowned for its personalized care and commitment to promoting overall health and well-being for its customers.

Company Size and Standout

As a small business with a single location, Rob's Whole Health Pharmacy distinguishes itself by providing fast, friendly, and professional service to its customers. The pharmacy focuses on customers' overall health and well-being and has earned a strong reputation in the area, with high ratings on platforms like Luminous Health and the Better Business Bureau.

Company Vulnerabilities

Operating in the healthcare services sector makes Rob's Whole Health Pharmacy a prime target for threat actors like the Rhysida ransomware group. The pharmacy likely stores sensitive patient information, making it an attractive target for cybercriminals looking to exfiltrate data for ransom. Additionally, as a small business, Rob's Whole Health Pharmacy may have limited resources to invest in robust cybersecurity measures, increasing its vulnerability to attacks.

Attack Overview

The Rhysida ransomware group targeted Rob's Whole Health Pharmacy, leaking data that included employees' information and personally identifiable information (PII). The hackers demanded a ransom of 3 BTC (approximately $205,000) from the pharmacy to prevent the public distribution of the exfiltrated data.

Ransomware Group Profile

Rhysida is a new player in the cybercrime arena that primarily targets sectors like healthcare, education, manufacturing, information technology, and government. The group distinguishes itself by employing a double extortion technique: it steals data before encrypting it and threatens to publish the stolen data unless a ransom is paid. Rhysida ransomware is known for targeting Windows operating systems and using the ChaCha20 encryption algorithm.

Possible Penetration Methods

The Rhysida ransomware group could have infiltrated Rob's Whole Health Pharmacy's systems through methods such as leveraging phishing campaigns, exploiting vulnerabilities in the pharmacy's network, or using valid credentials to establish network connections. The group is known to employ tools like PortStarter and SystemBC for their attacks, indicating a sophisticated approach to infiltrating victim networks.
