Medusa Behind Crown Princess Mary Cancer Centre Breach


The alleged Crown Princess Mary Cancer Centre breach has been claimed by the Medusa ransomware group. The hacker collective added the Australia-based cancer treatment centre to its victim list and has threatened to publish the data in 7 days.

A screenshot of the alleged data breach claim by the Medusa ransomware group was shared by several cybersecurity researchers on Twitter.

The image featured the logo of the Crown Princess Mary Cancer Centre and details about the cancer center along with a button at the end to “add time:1 day”, suggesting a ransom demand and the way to pay it.

(Photo: Dominic Alvieri/ Twitter)

Researchers upset over the targeting of healthcare

The healthcare sector has continued to be a soft target for cybercriminals. According to a recent report, healthcare organizations noted a 60% increase from the previous year in the number of cyber attacks, with 1,426 attacks per week in 2022.

The spike in cyber attacks on the healthcare sector has also left security researchers miffed.

While Dominic Alvieri tweeted about the Crown Princess Mary Cancer Centre breach and showed his disdain by writing that this was ‘another new low’, Troy Hunt wrote, “This is about as low as cybercrime gets.”

Responses from the media and readers said that such cyberattacks at the hands of petty criminals reflected their value system, or the lack of one.

The Medusa botnet has been active since 2016, according to a Cyble blog.

It targets Linux-based devices with vulnerabilities, including routers, IP cameras, and Internet of Things (IoT) connected devices.

It can launch DDoS attacks and generate random IP addresses to launch DDoS attacks on network layers 3, 4, and 7, among others.

Crown Princess Mary Cancer Centre breach

The Medusa botnet carried out the alleged Crown Princess Mary Cancer Centre breach likely using the MedusaRansomware() function. This function allows Medusa ransomware to search all the directories for specific files with extensions mentioned in its program.

It then encrypts the selected files using an AES 256-bit encryption key, adding the .medusastealer extension to them.

Researchers noted that the Medusa ransomware does not target system files for encryption.
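One way a defender could watch for the file-renaming behaviour described above, as an added example that is not from the article or the Cyble blog: it scans file-rename events for a burst of files gaining the .medusastealer suffix on a single host. The `|`-separated event format, host names, threshold and time window are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SUFFIX = ".medusastealer"  # extension named in the article

# Constructed sample events (assumed format): timestamp|host|old_path|new_path
SAMPLE_EVENTS = """\
2023-05-04T10:00:01|ws-01|/srv/share/scan1.pdf|/srv/share/scan1.pdf.medusastealer
2023-05-04T10:00:02|ws-01|/srv/share/notes.docx|/srv/share/notes.docx.medusastealer
2023-05-04T10:00:02|ws-02|/home/b/draft.txt|/home/b/draft.bak
2023-05-04T10:00:03|ws-01|/srv/share/list.xlsx|/srv/share/list.xlsx.medusastealer
2023-05-04T10:00:04|ws-01|/srv/share/img.jpg|/srv/share/img.jpg.medusastealer
2023-05-04T10:01:00|ws-03|/data/a.csv|/data/a.csv.medusastealer
2023-05-04T10:06:00|ws-03|/data/b.csv|/data/b.csv.medusastealer
2023-05-04T10:11:00|ws-03|/data/c.csv|/data/c.csv.medusastealer
"""

def is_suffix_rename(old, new):
    """True when the original name is kept and only the suffix is appended."""
    return new.lower() == (old + SUFFIX).lower()

def detect_bursts(text, threshold=3, window=timedelta(seconds=60)):
    """Return {host: time of first alert} for hosts with at least `threshold`
    suffix-appending renames inside `window`. Events must be in time order."""
    recent = defaultdict(deque)  # host -> timestamps of recent matching renames
    alerts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_raw, host, old, new = line.split("|")
        if not is_suffix_rename(old, new):
            continue  # ordinary rename, not the pattern of interest
        ts = datetime.fromisoformat(ts_raw)
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: burst of {SUFFIX} renames by {when.isoformat()}")
```

In the constructed sample only ws-01 is flagged; ws-03 shows the same suffix but spread over ten minutes, so it stays below the burst threshold.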

Crown Princess Mary Cancer Centre breach & cyber attacks on healthcare sector

The claimed Crown Princess Mary Cancer Centre breach comes at a time when cancer is among the leading causes of death worldwide. Patient care and several services are impacted by attacks on healthcare, which hackers try to bank on.

Nearly 66% of surveyed healthcare organizations suffered a ransomware attack in 2021.

NextGen Healthcare was targeted by ALPHV, which exposed data belonging to its clients in the healthcare sector. The Italian hospital IRCCS MultiMedica data breach was claimed by the LockBit ransomware group in April this year.

Anonymous Sudan listed 16 US hospitals on its victim list this month.


(Photo: Upgrade)

Across its nearly seven stages, a ransomware attack goes from reaching the user via a phishing email to compromising their account.

The ransomware group then moves across connected devices and seeks extra permissions to change system settings. After privilege escalation, it steals data and locks it.

If a ransom demand is not met, the data gets dumped on the dark web. While hospital staff are trained to offer healthcare-related services, it is about time that alertness and security are taken seriously.

It is a tedious task; however, to continue providing healthcare services and treating patients, it is necessary to be aware of online security threats and take the actions required to detect and prevent them.




