RansomHouse Attacks Dameron Hospital in the US
RansomHouse attacked the Dameron hospital recently, managing to extract over 480 of confidential data. Everything was encrypted on the victim’s end and the attackers threatened to make everything public unless hospital representatives contact them.
- RansomHouse made public important information regarding the hospital’s staff number and finances
- The hit appears to be financially motivated, as is the case with all ransomware attacks
- Unlike other ransomware actors, RansomHouse operates slightly differently, in the sense that they don’t encrypt the data; they simply steal it and demand a ransom to delete it
- It is still unclear how the current situation is unfolding from the perspective of the Dameron hospital
RansomHouse performed a targeted and meticulous attack that managed to penetrate the hospital’s defense systems. This allowed the criminals to secure a massive package of data, slightly over 480 GB.
The data presumably contains information about the staff, clients, finances, and other private aspects that would qualify as sensitive. It is still unclear how the business has reacted to the breach.
As stated in the ransom note itself, the Dameron hospital’s revenue is slightly over $153. This information is important because most ransomware actors, RansomHouse included, adjust the value of the ransom based on their victim’s worth.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Who is RansomHouse and How Do They Operate?
RansomHouse is a relatively new organization that dates back since December of 2021. Despite that, the group has been involved in a number of high-profile hits, with some of the victims including Keralty, AMD, and even the Vanuatu government.
Unlike most ransomware organizations, RansomHouse does not encrypt their victims’ data. Instead, they simply download as much as they can and ask for ransom in exchange for deleting it.
This approach makes their operations simpler, less complex, and less risky, which explains the group’s high success rate. Each failed extortion attempt leads to RansomHouse publishing the data they stole on their Tor website.
RansomHouse also has a Telegram group where they communicate with other hacking organizations and even anonymous individuals. The negotiations also differ from what you would expect from such a group.
Unlike other hacktivist groups who are simply motivated by financial gains, RansomHouse also appears to want to help the victims. This has become evident on several hits, especially that on AMD.
On that occasion, RansomHouse criticized AMD’s poor user login security and advised them on how to improve that. Also, it appears that the hackers always keep their word and delete any data and backdoors upon receiving the ransom.