Posted on April 28, 2020 at 2:19 PM
Last month, a US-based pharmaceutical company, ExecuPharm, was the subject of a ransomware attack where the hackers reportedly compromised its servers.
Recently, the hackers published the leaked data on the darknet. According to a letter the medical firm sent to the Attorney General, the compromised details include passport numbers, driving license details, financial details, social security numbers, and other valuable information.
Reports revealed that the hackers are part of the CLOP ransomware syndicate, and they have published an array of data including accounting records, financial data, and email records on the dark web.
Other ransomware groups like Sodinokibi, Maze, and DoppelPaymer were reportedly discovered to be stealing data from the company’s database. The group encrypted the data and demanded a ransom. Most ransomware groups opt to sell their stolen data if the victim does not comply with their ransom demands. This is the modus operandi of most ransomware hackers, including the CLOP group.
Both local and federal law enforcement have been informed of the development. ExecuPharm has also brought in a third-party security firm to investigate the situation.
Hackers paying more attention to the health sector
Hackers have intensified their efforts against the health sector, which may be connected to the current COVID-19 environment, where health workers are more active in helping to reduce the spread of the pandemic.
Cybercriminals have taken advantage of the situation and are now infiltrating computer servers and networks within the health sector. There have been DDoS attacks, impersonation, as well as ransomware attacks in the health sector recently.
However, many ransomware groups have promised not to attack medical firms that are directly helping to fight the pandemic. CLOP also reiterated its intention to leave medical facilities out of its ransomware campaign. But CLOP said companies like ExecuPharm are not covered by the exemption because they are the companies that profit immensely from the pandemic.
There is good news amidst the ransomware attack
Despite an environment where ransomware attacks have become the order of the day, there has been a positive development. A ransomware group known as Shade has decided to cease its hacking activities. The group has also released more than 750,000 decryption keys to enable its victims to unlock their encrypted files.
Kaspersky, a well-known cybersecurity firm based in Russia, has confirmed that the keys are genuine. As a result, the company is creating a free decryption tool, expected in the coming weeks.
Shade was first discovered in 2014, although it’s not clear when the ransomware group began operating. The group is regarded as one of the oldest hacking syndicates on the internet. In December last year, however, the group took the major decision to close its ransomware business, and it’s not clear what prompted that decision. As part of it, this week the group released the decryption keys in its possession.
The common method used by many ransomware groups encrypts the victims’ files so that they cannot be opened without a key. The newer technique, in which data is also exfiltrated before encryption, was initially used by a ransomware group known as Maze. Since then, several new ransomware groups have adopted that method of encrypting files and exfiltrating the data.
An executive at the company confirmed the incident and stated that the medical firm is investigating it.
Victims advised not to pay the ransom
CLOP’s operational method is somewhat different and harder to decrypt, unlike some other ransomware strains. When Maastricht University was attacked last year, it had to pay a ransom of $200,000 to decrypt its hundreds of servers. But the FBI has warned organizations not to pay ransom for their compromised data, adding that doing so will only increase the number of cyberattacks.
In a blog post, the agency advised the public on the best way to avoid ransomware attacks.
“The best way to avoid being exposed to ransomware … is to be a cautious and conscientious computer user,” the agency said.