
In the ever-evolving landscape of cyber threats, a new player called RansomHouse has emerged. Unlike traditional ransomware operations, RansomHouse focuses on breaching networks through vulnerabilities to steal valuable data.

Mission Community Hospital has been providing healthcare in the San Fernando Valley community for more than 50 years. It is owned and operated by Deanco Healthcare, LLC. It is licensed for 75 medical/surgical beds, 10 critical care beds plus an additional 60 beds for psychiatric care.

DataBreaches.net reported on June 4 that the hospital was infected by ransomware after hacker group RansomHouse exploited vulnerabilities in its Paragon and Cisco systems.

According to the website, RansomHouse listed on its leak site that it has 2.5 terabytes of the hospital’s data and provided some proof, along with a note: “Dear Mission Community Hospital Management, We strongly recommend you to contact us to prevent your confidential data or research data to be leaked or sold to a third party.” Rather than encrypting stolen files, the group reportedly just exfiltrates them and demands a ransom in exchange for deleting them and providing a security report, according to the story.

DataBreaches.net reviewed a letter from Mission Community’s outside general counsel stating that the hospital discovered the breach while investigating a May 1 network switch failure and has since rejected the threat actor. Mission Community Hospital and RansomHouse did not respond to DataBreaches.net’s requests for comment.

RansomHouse is a cybercrime group that extorts money from victims by threatening to leak stolen data. The group first emerged in December 2021 and has since targeted a number of high-profile organizations, including AMD, the Saskatchewan Liquor and Gaming Authority, and a German airline support service provider.

RansomHouse operates in a different way from traditional ransomware groups. Instead of encrypting victims’ data and demanding a ransom payment to decrypt it, RansomHouse steals data and then offers to delete it in exchange for a payment. If the victim does not pay, RansomHouse threatens to leak the stolen data online.

The group’s website, available on the Tor network, features a dark web blog where they post updates about their activities, as well as screenshots of stolen data. RansomHouse also uses the blog to taunt victims and to encourage other cybercriminals to target them.

RansomHouse is a sophisticated threat actor that has been able to successfully target a number of high-profile organizations. The group’s use of a data-leaking tactic is a new and worrying development, as it means that victims are no longer just at risk of having their data encrypted, but also of having it exposed online.

Users on Twitter, Telegram, and dark web forums have been debating whether RansomHouse is a real ransomware gang that is responsible for attacking and stealing those databases, or an extortion group that buys leaked databases from a third party and tries to extort the victims by demanding a ransom fee in return for not leaking the data to the public.