RansomHouse attacked the Dameron hospital recently, managing to extract over 480 of confidential data. Everything was encrypted on the victim’s end and the attackers threatened to make everything public unless hospital representatives contact them.
RansomHouse performed a targeted and meticulous attack that managed to penetrate the hospital’s defense systems. This allowed the criminals to secure a massive package of data, slightly over 480 GB.
The data presumably contains information about the staff, clients, finances, and other private aspects that would qualify as sensitive. It is still unclear how the business has reacted to the breach.
As stated in the ransom note itself, the Dameron hospital’s revenue is slightly over $153. This information is important because most ransomware actors, RansomHouse included, adjust the value of the ransom based on their victim’s worth.
We believe security online security matters and its our mission to make it a safer place.
RansomHouse is a relatively new organization that dates back since December of 2021. Despite that, the group has been involved in a number of high-profile hits, with some of the victims including Keralty, AMD, and even the Vanuatu government.
Unlike most ransomware organizations, RansomHouse does not encrypt their victims’ data. Instead, they simply download as much as they can and ask for ransom in exchange for deleting it.
This approach makes their operations simpler, less complex, and less risky, which explains the group’s high success rate. Each failed extortion attempt leads to RansomHouse publishing the data they stole on their Tor website.
RansomHouse also has a Telegram group where they communicate with other hacking organizations and even anonymous individuals. The negotiations also differ from what you would expect from such a group.
Unlike other hacktivist groups who are simply motivated by financial gains, RansomHouse also appears to want to help the victims. This has become evident on several hits, especially that on AMD.
On that occasion, RansomHouse criticized AMD’s poor user login security and advised them on how to improve that. Also, it appears that the hackers always keep their word and delete any data and backdoors upon receiving the ransom.