ALPHV extorts money from the British healthcare system
Cybercriminals obtained seven terabytes of confidential documents.
A group of cybercriminals has said it has hacked into one of the UK’s largest hospital groups and is threatening to release its sensitive data.
The group, known as ALPHV or BlackCat, released a statement Friday claiming it had obtained seven terabytes of internal documents from the Barts Health NHS Trust, which operates five hospitals in London serving about 2.5 million people, according to the Trust’s website.
ALPHV uses ransomware that encrypts victims’ computers and renders them inoperable. The group then demands a ransom to unlock the computers and threatens to release the stolen data. Increasingly, however, hacker groups are ditching ransomware and simply stealing data and then threatening to release it online unless they are paid.
It is not entirely clear whether the group used its ransomware on the computers of the Trust’s London hospitals: St. Bartholomew’s, the Royal London, Mile End, Whipps Cross and Newham.
A spokesman for Barts Health said on Friday: “We are aware of the ransomware attack claims and are investigating urgently.”
Brett Callow, a cyberthreat analyst at cybersecurity firm Emsisoft, said early signs suggest the group did not encrypt the data. “If the ransomware was used, then the violations would be noticeable – and possibly very serious,” he said. The group may have decided not to encrypt the data, or “Barts detected and blocked part of the attack,” he said.
The group released a selection of files it allegedly stole from Barts Health, including copies of employees’ driver’s licenses and passports, as well as internal emails and correspondence stamped “confidential.” On their dark web page, the hackers claimed in broken English that the data taken from Barts Health constitutes “the biggest leak of the UK healthcare system.”
The ALPHV hackers communicate in Russian and have been active since November 2021. They carry out attacks on a wide range of companies from dozens of industries, including construction and engineering, retail, transportation, commercial services, insurance, telecommunications and pharmaceuticals, according to a report published last year by researchers from Unit 42, the cybersecurity team at Palo Alto Networks Inc. The group is known for recruiting “partners” on cybercrime forums who in effect rent its ransomware to hack into companies and organizations, the report says.
The group previously disrupted Germany’s fuel distribution system after hacking into Mabanaft GmbH and Oiltanking GmbH Group. It also claimed responsibility for the hack of the Italian energy agency GSE.