Rhysida Ransomware Strikes Rob's Whole Health Pharmacy
Incident Date: May 30, 2024
Overview
Victim: Rob's Whole Health Pharmacy
Attacker: Rhysida
Location:
First Reported: May 30, 2024
Ransomware Attack on Rob's Whole Health Pharmacy
Company Overview
Rob's Whole Health Pharmacy, located in LaSalle, Ontario, Canada, is a small family-owned pharmacy that has been serving the community for a long time. They offer a variety of health and wellness products, including prescription medications, over-the-counter medications, vitamins, supplements, and natural health products. The pharmacy is renowned for its personalized care and commitment to promoting overall health and well-being for its customers.
Company Size and Standout
As a small business with a single location, Rob's Whole Health Pharmacy distinguishes itself by providing fast, friendly, and professional service to its customers. The pharmacy focuses on its customers' overall health and well-being, and has earned a strong reputation in the area, with high ratings on platforms like Luminous Health and the Better Business Bureau.
Company Vulnerabilities
Operating in the healthcare services sector makes Rob's Whole Health Pharmacy a prime target for threat actors like the Rhysida ransomware group. The pharmacy likely stores sensitive patient information, making it an attractive target for cybercriminals looking to exfiltrate data for ransom. Additionally, as a small business, Rob's Whole Health Pharmacy may have limited resources to invest in robust cybersecurity measures, increasing its vulnerability to attacks.
Attack Overview
The Rhysida ransomware group targeted Rob's Whole Health Pharmacy, leaking data that included employees' information and personally identifiable information (PII). The hackers demanded a ransom of 3 BTC (approximately $205,000) from the pharmacy to prevent the public distribution of the exfiltrated data.
Ransomware Group Profile
Rhysida is a new player in the cybercrime arena that primarily targets sectors like healthcare, education, manufacturing, information technology, and government. The group distinguishes itself by employing a double extortion technique: it steals data before encrypting it and threatens to publish the stolen data unless a ransom is paid. Rhysida ransomware is known for targeting Windows operating systems and using the ChaCha20 encryption algorithm.
Possible Penetration Methods
The Rhysida ransomware group could have infiltrated Rob's Whole Health Pharmacy's systems through methods such as leveraging phishing campaigns, exploiting vulnerabilities in the pharmacy's network, or using valid credentials to establish network connections. The group is known to employ tools like PortStarter and SystemBC for their attacks, indicating a sophisticated approach to infiltrating victim networks.