The Ragnar Locker ransomware gang has claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital, threatening to leak 1 TB of data allegedly stolen during the cyberattack.
The cyberattack on Mayanei Hayeshua occurred in early August, disrupting the hospital’s record-keeping system and preventing new patients from receiving care.
Yesterday, security researcher MalwareHunterTeam noted that the Ragnar Locker ransomware group claimed responsibility for the attack, creating a new page for the hospital on their data leak site.
The entry on the data leak site contains a message from the threat actors, claiming that they did not encrypt devices due to the victim being a hospital but did steal data from the organization.
“First of all, we want to emphasize that since this is a medical institution – we didn’t run any encryption to avoid equipment malfunctions, or necessary instruments,” reads the Ragnar Locker data leak site.
“However, serious vulnerabilities allows us to download a lot of data and someone else in our place could use such vulnerability in any other way.”
The threat actors have now published 420 GB of allegedly stolen data, warning that further data would be published over the next week.
Ragnar Locker claims to have stolen sensitive information during the attack, including medical records, procedure information, and drug prescriptions.
In a ransom note from the Mayanei Hayeshua attack seen by BleepingComputer, the threat actors claim that they stole 1 TB of data, including a SQL database and emails.
BleepingComputer contacted Mayanei Hayeshua to confirm whether the stolen data belonged to the organization but did not receive a response.
Hospitals make for high-value targets due to the highly sensitive nature of their medical records and data collected from patients requiring healthcare. This stolen data is then used as leverage to extort hospitals for significant ransom demands.
Over the past couple of months, we have seen an increase in ransomware and extortion gangs targeting hospitals, with both Prospect Medical Holdings in the USA and Madeira Health Service (Sesaram) recently targeted by Rhysida.