Ransomware is Turning Very Ugly

For a long time I have said that there are multiple forms of ransomware such as:

  • The hacker encrypts your computer and gives you the decryption key if you pay the ransom.
  • The hacker encrypts your computer and DOES NOT give you the decryption key when you pay the ransom.
  • The hacker PRETENDS to encrypt your computer but instead deletes and overwrites your files.  Whether you pay the ransom or not, you are not getting your files back.

But the one that is the scariest of all is this last one.

  • The hacker steals your files and demands a ransom in order not to publish your files.  In this last case, there is not much that you can do to protect yourself.  Possibly encrypting your files with a key that is not stored on the system under attack would help, but conventional encryption (like BitLocker or TrueCrypt) would do no good, because once the volume is unlocked on a running system, an intruder on that system reads the files in the clear.

This last one is what is happening to the Grozio Chirurgija clinic in Lithuania.  Grozio Chirurgija is a plastic surgery clinic.  Lithuania is a medical tourism hotspot (see article).

Hackers broke into the clinic’s computer systems and stole thousands of files.  In March they published hundreds of photos, including nude photos (remember this is a plastic surgery clinic and they love to take pictures – before and after – of their work).  Then the hackers asked individual clients to pay a ransom of up to 2,000 Euros not to have the rest of their photos published.

In addition to potentially compromising photos, the hackers have copies of passports, social security numbers and other data that the clinic held.

In April the hackers, calling themselves Tsar Team (who the experts say is the same group as the Russian hacking team APT28), demanded that the clinic pay a ransom of 344,00 Euros.  They said this is a small penalty to pay for having hackable computers.

The clinic did not pay and this month the hackers posted 25,000 pictures.   Norwegian police said that there was no guarantee that those blackmailing would keep their promises (meaning, I assume, to NOT publish the photos if they got paid).

The hackers promised to publish all the data if they didn’t get their ransom.  The ransom wasn’t paid.  The hackers published the photos.  So the hackers kept their promises.

For a lot of medical tourists, their data, passports and maybe nude photos are floating around the Internet, making them vulnerable to both identity theft AND blackmail.

The clinic is, not surprisingly, aghast.  One would assume that their clients will find other places to go once the word gets out.  Most plastic surgery clients would not be happy if before and after nude photos of themselves got out in the wild and/or were used to blackmail them.

For businesses, the moral is that there is a cost – as we saw with businesses that were attacked by WannaCry – to having poor cyber security practices.

For clients, the moral is to be careful about who you give your data to (meaning, perhaps, that the lowest-cost clinic may not have the best cyber practices).  Note that this does not mean that the most expensive clinic has the best cyber practices.

Information for this post came from the UK Metro.
