Cyber Attack Results in Extortion of Plastic Surgery Center and Their Clients

Media Division | May 31, 2017

Many different types of organizations are targeted by cyber attackers for various reasons. The goal could be to illicitly gain funds or data, damage systems, or steal information to use for extortion. One method of extortion is ransomware, but other attackers may simply steal the information and contact the organization directly for ransom. This is the situation in a recent attack on a plastic surgery center in Lithuania.

Target of the Attack

The clinic, called Grozio Chirurgija, was hacked by a group named the “Tsar Team.” The information stolen from the clinic included sensitive files and data like nude photos, passport scans, credit card details, and national insurance numbers. It appears that the original hack occurred back in April, at which point the group contacted the clinic with a ransom demand of over 300 bitcoin (€591K, $661K) for the return of the data. The hackers called this a “small penalty” for the clinic’s vulnerable security. The clinic refused to pay this amount.

As a result, the hackers reduced the demand to 100 bitcoin ($110K, €98K). When the clinic refused yet again, the hackers resorted to extorting individual clients who were affected by the breach, demanding individual ransoms of between €50 and €2000 in bitcoin. The requested ransom depended on how sensitive the data they held was. According to reports, they also published the database online on Tuesday, asking for €113K for the entire contents. The clinic is advising individuals not to open the emails or cave in to the ransom demands, but rather to report and forward the emails to the police. It also advised affected clients to be wary of potentially malicious links and attachments within the emails. It is unclear exactly how many people were affected by the attack, but the police say that dozens have reported receiving these types of ransom demands.

The Menace of APT 28

The Tsar Team is said to be an assumed name of APT28. This is the group that was linked to the Democratic National Committee hacking during last year’s presidential election. It also goes by a variety of other names, including the well-known “Fancy Bear.” APT28 has also been linked to a multitude of other attacks, including attacks on private organizations and state agencies. The group is believed to be linked to Russian intelligence, though Russia has denied any link to it. APT28 has increasingly shown itself to be a huge threat, but there has not been much progress in tracking the group down.

Employment of Proper Cyber Security to Prevent Cyber Attacks

With cyber attacks becoming much more ruthless and clever as time goes on, organizations need to place a much larger emphasis on security. While most organizations understand the importance of security and have adjusted accordingly, there are still far too many that are lacking in this area. They may simply think or hope that they will not be attacked, but this only makes them vulnerable. Leaving security to chance exposes an organization to being virtually ruined by cyber attacks. The security tools now available can typically keep an organization protected, but they need to be properly implemented and used. There is no room for neglect in the modern threat landscape, and allowing it is dangerous. Massive Alliance offers a wide range of security tools and services that can help an organization prevent cyber attacks from stealing its data and funds.

