RansomHub Publishes Exfiltrated Florida Health Department Data

Date: July 8, 2024

The ransomware threat actor RansomHub claims to have published 100 gigabytes of exfiltrated data belonging to the Florida Department of Health, asserting that the agency failed to pay a ransom demand following an attack.

RansomHub posted the following message along with a link to the data: “The Florida Department of Health is responsible for protecting the public health and safety of the residents and visitors to the state of Florida. It is a cabinet-level agency of the state government, headed by a state surgeon general who reports to the governor. The department has its headquarters in Tallahassee.”

“Florida, in compliance with guidelines from the Cybersecurity and Infrastructure Security Agency, has a policy of not paying ransomware demands, as payment does not guarantee an organization will regain access to its data or be able to resume normal operations,” State Scoop reports.

“The Florida Department of Health did not respond to a request for comment.”

Takeaway: Originally, ransomware payloads would encrypt files and demand payment for decryption keys. Security teams found success either by restoring from backups or by accepting the loss of data as a tolerable consequence.

Cybercriminals evolved and introduced data exfiltration capabilities into their attacks, where they not only demand payment of a ransom to regain access to encrypted systems, but they also demand further payment for the stolen data itself. Of course, there is no guarantee that payment will protect the stolen data from being exploited.  

Data exfiltration and the threat of exposure are now a central aspect of nearly every ransomware operator’s playbook and significantly increase the chances for the extortion efforts to be successful.  

The types of data threat actors exfiltrate typically include the personally identifiable information of clients or employees, information related to payment processing, the organization's business dealings, trade secrets and intellectual property, and other data the attacker can leverage for tactical or financial gain.

Specific to ransomware attacks, threat actors have increasingly engaged in data exfiltration prior to the detonation of the ransomware payload that encrypts the targeted systems.  

Ransomware operators may use exfiltrated data in Double Extortion schemes to compel the target to pay the ransom demand under the threat that the data will be exposed if payment is not received by a deadline set by the attackers.  

Protecting sensitive data through robust cybersecurity measures, including encryption, access controls, and employee training, is essential in safeguarding against data loss and intellectual property theft.  