The notorious Rhysida ransomware group recently claimed a successful hack on King Edward VII’s Hospital in London, an esteemed provider of specialized medical care with a rich history dating back to its founding by King Edward VII in 1899.
The ransomware group added the hospital to its list of victims on a Tor leak site, displaying images of stolen documents that include medical reports, x-rays, prescriptions, and more. The group boasts access to a vast trove of patient and employee data, even alleging the possession of information from the Royal Family.
An announcement on the leak site reveals the offer of a ‘unique files’ package, which includes Royal Family data and a significant amount of patient and employee records, up for sale as a single lot at the price of 10 BTC. The group intends to publicly release the data over seven days unless a buyer is found.
Rhysida ransomware, active since May 2023, has targeted multiple sectors, including education, healthcare, manufacturing, information technology, and government entities. The group focuses on opportune targets, as confirmed by the recent addition of the British Library and China Energy Engineering Corporation to its list of victims.
A joint Cybersecurity Advisory by the FBI and CISA warns of Rhysida ransomware attacks, citing tactics and indicators associated with the group’s activities. The report identifies Rhysida actors’ utilization of external-facing remote services for initial network access and persistence, exploiting vulnerabilities like Zerologon (CVE-2020-1472) in Microsoft’s Netlogon Remote Protocol in phishing attempts.
