Rite Aid Ransomware Attack by RansomHub Affects 2.2 Million Customers

Incident Date:

July 12, 2024

World map

Overview

Title

Rite Aid Ransomware Attack by RansomHub Affects 2.2 Million Customers

Victim

Rite-Aid

Attacker

Ransomhub

Location

Camp Hill, USA

Pennsylvania, USA

First Reported

July 12, 2024

RansomHub Ransomware Attack on Rite Aid

Overview of Rite Aid

Rite Aid is a prominent American pharmacy chain, founded in 1962, that operates retail drugstores across the United States. The company offers a wide range of health and wellness services, including pharmaceutical services, over-the-counter medications, and various health and beauty products. Rite Aid is publicly traded on the New York Stock Exchange under the ticker symbol RAD and reported a sales volume of $24.6 billion in 2022. The company employs approximately 50,000 people and is headquartered in Camp Hill, Pennsylvania.

Details of the Ransomware Attack

In June 2024, Rite Aid fell victim to a ransomware attack by the group RansomHub, affecting 2.2 million people. The breach involved unauthorized access detected within 12 hours after hackers impersonated an employee on June 6. Although no Social Security numbers, financial data, or patient information were compromised, RansomHub claimed to have stolen 10 gigabytes of data, including customer names, addresses, and other personal details from transactions between June 6, 2017, and July 30, 2018. Rite Aid has notified the affected customers and is offering them free credit monitoring and identity protection for 12 months.

About RansomHub

RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub's ransomware strains are written in Golang, a trend in the ransomware world. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare-related institutions being among the listed victims.

Penetration and Impact

RansomHub likely penetrated Rite Aid's systems by impersonating an employee, a common tactic in social engineering attacks. The rapid detection of unauthorized access within 12 hours suggests that Rite Aid had some level of monitoring in place. However, the breach still resulted in the theft of significant customer data. This incident has added to Rite Aid's challenges, including ongoing federal lawsuits and a previous data breach, prompting renewed calls for enhanced cybersecurity regulations in the healthcare sector.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.