LockBit Ransomware Attack Breaches Sensitive Data at As-Salam International Hospital

Incident Date: Jul 19, 2024

Attack Overview

Victim: As-Salam International Hospital
Industry: Healthcare Services
Location: Egypt
Attacker: LockBit
First Reported: July 19, 2024

LockBit Ransomware Attack on As-Salam International Hospital

Overview of As-Salam International Hospital

As-Salam International Hospital (ASSIH), established in 1982 and located in Cairo, Egypt, is a prominent tertiary care facility recognized for its comprehensive medical services and advanced healthcare technologies. Operating under the Alameda Healthcare Group, the hospital aims to enhance private healthcare in Egypt and the broader MENA region. Accredited by the Joint Commission International (JCI), ASSIH is committed to high-quality healthcare standards. The hospital offers a wide range of medical services across more than 30 specialties, catering to both inpatient and outpatient needs. It employs over 700 physicians and 400 nurses, and has a capacity of over 400 beds.

Details of the Ransomware Attack

As-Salam International Hospital has recently fallen victim to a ransomware attack orchestrated by the LockBit group. The cybercriminals have reportedly exfiltrated a significant amount of sensitive information, including medical records, patient diagnoses, financial data, and other critical data. The attackers have set a ransom deadline for July 26, 2024, by which they demand payment to prevent the release or further exploitation of the stolen information. This attack has left the hospital grappling with the dual challenge of securing its systems and mitigating the potential fallout from this breach.

About LockBit Ransomware Group

LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The ransomware uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and demands payment in Bitcoin.

Potential Vulnerabilities and Penetration Methods

LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. It performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper. The hospital's extensive digital infrastructure and the sensitive nature of its data make it a prime target for such sophisticated ransomware attacks.
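
As an added triage example (not Halcyon's code and not taken from this incident), the sketch below pairs two of the behaviours described above: an RDP logon from outside the internal ranges (Security event 4624, LogonType 10) followed on the same host by a write to the desktop wallpaper registry value (Sysmon event 13). The flattened event layout, host names, internal ranges and 24-hour window are assumptions, and all sample events are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumption: RFC 1918 space is "internal"; replace with the site's own ranges.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW = timedelta(hours=24)  # assumed correlation window, not a LockBit constant
WALLPAPER_KEY = r"\control panel\desktop\wallpaper"

# Constructed events, flattened from Security 4624 and Sysmon 13 records.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T02:11:00", "host": "WS-014", "event_id": 4624,
     "LogonType": 10, "IpAddress": "203.0.113.7"},
    {"time": "2024-01-10T03:40:00", "host": "WS-014", "event_id": 13,
     "Image": r"C:\Users\Public\a.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Control Panel\Desktop\Wallpaper"},
    {"time": "2024-01-10T09:00:00", "host": "WS-020", "event_id": 4624,
     "LogonType": 10, "IpAddress": "10.1.4.22"},
    {"time": "2024-01-10T09:05:00", "host": "WS-031", "event_id": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1002\Control Panel\Desktop\Wallpaper"},
]

def is_external(ip):
    """True for a parseable address outside loopback, link-local and INTERNAL."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # "-" or empty on non-network logons
        return False
    if addr.is_loopback or addr.is_link_local:
        return False
    return not any(addr in net for net in INTERNAL)

def triage(events):
    """Return {host: [(source_ip, writing_process), ...]} for correlated pairs."""
    rdp, hits = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if (ev["event_id"] == 4624 and str(ev.get("LogonType")) == "10"
                and is_external(ev.get("IpAddress", ""))):
            rdp.setdefault(ev["host"], []).append((when, ev["IpAddress"]))
        elif ev["event_id"] == 13 and ev.get("TargetObject", "").lower().endswith(WALLPAPER_KEY):
            for seen, src in rdp.get(ev["host"], []):
                if when - seen <= WINDOW:  # wallpaper write shortly after external RDP
                    hits.setdefault(ev["host"], []).append((src, ev.get("Image", "?")))
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

A hit is a lead for investigation rather than proof of LockBit activity: wallpaper changes alone are routine, which is why the sketch only reports them when they follow an externally sourced RDP session on the same host.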

Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources. By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.