RansomHouse Targets United Urology Group in Major Ransomware Attack
Company Overview
United Urology Group, a management services organization, is a leading national network of urology specialists operating affiliate practices in Arizona, Colorado, Delaware, Maryland, and Tennessee. With 220 providers across 95 locations, it stands as one of the largest urology networks in the U.S., dedicated to providing high-quality urological care including surgeries, prostate care, and kidney stone treatments.
Details of the Attack
On April 5, 2024, United Urology Group fell victim to a ransomware attack orchestrated by the cybercriminal group RansomHouse. The attack resulted in the exfiltration and encryption of approximately 300GB of sensitive data. The data, critical to patient care and operations, is currently being held for ransom, with its disclosure pending the group's response to the ransom demands.
RansomHouse: A Unique Threat
RansomHouse, distinct from traditional ransomware groups, focuses on data exfiltration rather than encryption. The group threatens to publicly release stolen data if its demands are not met, and it leverages stolen credentials and advanced penetration techniques to access networks. RansomHouse has been linked to other ransomware entities like White Rabbit and Hive, and it uses tools such as PowerShell and Mimikatz to maintain access and evade detection.
Vulnerabilities Exploited
The attack on United Urology Group underscores significant cybersecurity vulnerabilities within healthcare organizations. These vulnerabilities include inadequate network segmentation, weak password policies, and insufficient monitoring of remote access points. RansomHouse likely exploited compromised credentials to infiltrate the network, employing persistence mechanisms to maintain access and exfiltrate data using tools like 7-Zip for obfuscation.
Impact and Response
The breach has serious implications for United Urology Group, both in terms of operational disruption and potential reputational damage. With a reported revenue of $23.8 million and a workforce of 178 employees, the organization must now focus on mitigating the fallout, safeguarding patient data, and addressing the identified security gaps to prevent future attacks.