Medusa extortion gang demands $2M from UK's HCRG Care Group (The Register)

Exclusive HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be stolen internal records unless a substantial ransom is paid.

Previously known as Virgin Care, and now owned by Twenty20 Capital, HCRG runs child and family health and social services across the UK for the NHS and local authorities, with a workforce said to number 5,000. Its annual turnover to March 2023, its latest available figure, was just shy of £250 million ($315 million).

In an update on its dark-web site, the Medusa crew claimed it had stolen 2.275 TB of data from HCRG, and will either sell that information to a buyer for $2 million (£1.6 million), delete its copy of that info for the same amount, or leak it all online if no one pays up by February 27.

Additionally, the gang claims it will delay the release for $10,000 (£8,000) per day, presumably to keep negotiations open. It has already leaked samples totaling 35 pages of what's said to be pilfered information, including passport and driving license scans, staff rotas, a birth certificate, and data from background checks.

[Image caption: Tick-tock ... Medusa's ransom demand on its Tor-hidden site against HCRG Care Group. We've redacted a URL to where miscreants can download a list of files in the supposedly swiped data.]

"We can confirm that we are currently investigating an IT security incident and have recently identified a post on the dark web by a group claiming responsibility," a spokesperson for HCRG told The Register Wednesday.

"Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident. Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so."

For now, then, HCRG is still operational, a stark contrast to what happened in Texas last year, when the University Medical Center in Lubbock was forced to severely limit operations and turn away ambulances following a ransomware attack. In HCRG's case, it appears Medusa has skipped over encryption, opting instead to steal data and hold it for ransom.

Medusa surfaced in late 2022, primarily targeting Windows environments. According to Palo Alto Networks' Unit 42, it mainly targets five sectors: technology, education, manufacturing, healthcare, and retail. US organizations are the gang's top victims, with UK firms following closely behind.

The HCRG incident marks the second high-profile attack from Medusa this year against a British organization. Last month, it claimed it had pulled a similar heist against Gateshead Council. Despite the gang's threats, the council refused to pay the 600,000 ransom, leading Medusa to publish what's said to be stolen data online.

It's likely HCRG will refuse to play ball, too. And even if the healthcare group did pay, there's no guarantee Medusa wouldn't double-dip by selling the data anyway. And according to security shop Cybereason, last year 78 percent of organizations that paid a ransom were attacked again, with 63 percent facing demands for an even larger payout the second time around.

Copyright. All rights reserved 1998-2025