According to BleepingComputer, the University Hospital of New Jersey was attacked in early September by a ransomware group called SunCrypt, which stole sensitive data and encrypted the hospital's systems. To keep the stolen files from being leaked, the hospital later paid a ransom of 61.9 Bitcoins ($672,744) to the ransomware operators and received the stolen data and the decryptor.
New Jersey University Hospital Surrendered
Though some ransomware operators, such as Maze, CLOP and DoppelPaymer, have agreed not to target medical facilities during the pandemic, the SunCrypt operators have no such reservations. They attacked the University Hospital of New Jersey in Newark, New Jersey, in early September and encrypted all of its systems.
They also stole unencrypted data before encrypting the systems, which gave them a prime weapon for forcing the victim to pay the ransom.
According to BleepingComputer, the hospital contacted the ransomware operators through their dark web portal and, since the operators had said the amount was negotiable, negotiated the ransom down from the initial $1.7 million to $672,744.
The hospital then paid the agreed ransom of $672,744 (61.9 Bitcoins) to the ransomware operators on September 19th to prevent them from leaking the data. The operators had earlier posted an archive of about 48,000 files containing sensitive data and warned that they would leak the rest if they were not paid.
Though there is no information about what kind of data was actually stolen, the operators claimed to have 240GB of patient data, such as DOB, ID scans, illness type, and Social Security Numbers. After the ransom was paid, the operators handed over the “decryptor, all stolen data, a security report, and an agreement not to disclose any stolen data or attack UHNJ again.”
According to the security report the operators provided, a hospital employee fell for a phishing email and gave up his network credentials. This eventually let the attackers gain access to the hospital’s Citrix servers and compromise its workstations.