Marco A. De Felice prefaces his reporting on a Ragnar_Locker attack with this message: For ethical reasons we did not want to spread the news of the attack on the hospitalās IT infrastructure before the news became public knowledge. Indeed, on December 20, SuspectFile had already become aware of the ransom note written by the Ragnar_Locker group. Kudos to my colleague for his restraint. As he reports, the hospital itself had already issued an alert on its website on November 29, but Marco was privy to other details not yet made public. On December 20, Ragnar_Lockerās negotiator claimed that the hospitalās SQL database was compromised as well as the personal information of hundreds of thousands of patients and that data could be published very soon on the media. In another message, Ragnar_Locker claimed that in the event of non-negotiation, they would still be able to encrypt the entire AOAL computer network, which would lead to the blocking of normal hospital operations. As of December 22, they claimed to still have ways of being able to access different hosts and servers. As is often the case, it is possible to āshoulder surfā certain groupsā chat negotiations, which means that sensitive patient data shared with victims as proof of claims may already be in the hands of any number of people including researchers, journalists, or neāer-do-wells who intend to leak the data on a hacking forum to try to boost their reputation. For all of the ransomware groupās efforts, De Felice saw so evidence that the hospital ever replied to the attackers or attempted to negotiate with them.Ā You can read the full SuspectFile post here.
Source: Read More