Once again, Ransomware: 09-09-2024

Posted by: Todd Laff, Chicago

RansomHub Takes a Slice of Planned Parenthood’s Data Pie

In a plot twist no one wanted, RansomHub decided to spice up their summer by making off with what they claim is 93 gigabytes of Planned Parenthood data. Planned Parenthood of Montana found out in late August 2024 that it was the unlucky recipient of a ransomware attack from this less-than-friendly neighborhood gang.

The cyber crooks made their grand entrance on August 28, prompting Planned Parenthood to scramble into damage control mode and take parts of their network offline. CEO Martha Fuller confirmed that the feds are on the case, and the organization is diving into a full-scale investigation.

RansomHub, which has been on a crime spree since February 2024 with over 230 claimed victims under its belt, has given Planned Parenthood until September 11 to cough up a ransom or see the data published on its leak site. So far there has been no indication that private patient information has been leaked. The caveat: "not leaked yet" is not the same as "not taken." The deadline exists precisely because the gang is holding the data over the organization's head, and anything that was exfiltrated stays exfiltrated whether or not a ransom is paid.

Interestingly, this attack comes hot on the heels of Montana’s abortion rights initiative snagging enough signatures to make it to the November ballot. Talk about bad timing—or perhaps a hint of political motivation? Fuller assured the public that they’re treating this with the seriousness of a cat in a room full of rocking chairs.

This incident underscores a growing concern: ransomware is becoming a major threat to critical sectors like healthcare. The financial toll is just the tip of the iceberg—these attacks can disrupt medical services, worsen patient outcomes, and in the worst cases, lead to increased mortality rates.

The potential for exposing private health data is an extra layer of dread, as it could be used to further extort victims. It’s high time the U.S. government beefed up its response to this increasingly organized, multi-billion-dollar criminal circus. We need stronger deterrents, both here and abroad, to fend off these digital villains and protect those who are most vulnerable.

Cicada3301’s New Groove: A Linux Ransomware Remix

In what can only be described as a case of identity theft gone digital, a new ransomware-as-a-service (RaaS) group is borrowing the Cicada3301 name and logo for its latest shenanigans. This crew, despite the nostalgic nod to the cryptographic puzzles of yesteryear, has nothing to do with the original Cicada3301's brain-teasers.

This fresh-faced ransomware gang has already targeted 19 companies worldwide, threatening them through their not-so-charming extortion portal. Analysis shows that their ransomware has some uncanny similarities with BlackCat/ALPHV—suggesting that this might be a rebranding effort or a new project spun off by former BlackCat/ALPHV developers.

Both variants are written in Rust (no, not the kind you get on old tools), use the ChaCha20 encryption algorithm, and share similar encryption tactics and shutdown commands. BlackCat/ALPHV made its dramatic exit in March 2024 with an exit scam, pocketing a $22 million ransom and dressing the disappearance up as an FBI takedown. The new Cicada3301 surfaced in its wake and appears to be working with the Brutus botnet operators, who are known for brute-forcing VPN credentials, which suggests guessed VPN logins as a likely way in.
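The "uncanny similarities" analysts found between Cicada3301 and ALPHV rest partly on both using ChaCha20. One way a reverse engineer confirms that without reading the whole binary is to look for the ChaCha20 setup constant "expand 32-byte k", which every conforming implementation loads into the first four state words. What follows is an added example of mine, not code from the article, from the ransomware, or from any vendor's analysis. It scans a blob for that constant both as a literal string and as four separate little-endian immediates (the shape a compiler produces when it inlines the constant); the sample "binaries" are constructed inside the script and are not real samples. A hit means the program contains a ChaCha implementation, which plenty of legitimate software (TLS libraries, SSH) also does, so treat it as a triage cue, not a family attribution.

```python
"""Scan a binary blob for the ChaCha20 setup constant (added example, constructed data)."""
from __future__ import annotations

import re
import struct

# ChaCha20 seeds state words 0..3 with the ASCII string "expand 32-byte k"
# ("sigma"), read as four little-endian uint32s. "expand 16-byte k" ("tau")
# is the 128-bit-key variant some older code paths still carry.
SIGMA = b"expand 32-byte k"
TAU = b"expand 16-byte k"
SIGMA_WORDS = struct.unpack("<4I", SIGMA)  # 0x61707865 0x3320646e 0x79622d32 0x6b206574
TAU_WORDS = struct.unpack("<4I", TAU)


def find_literal(blob: bytes, constant: bytes) -> list[int]:
    """Offsets where the constant sits whole, as it does in a .rodata section."""
    return [m.start() for m in re.finditer(re.escape(constant), blob)]


def find_immediates(blob: bytes, words: tuple[int, ...], window: int = 64) -> list[int]:
    """Offsets where all four words occur as separate little-endian immediates
    within `window` bytes of the first one: the shape you get when the compiler
    inlines the constant as four `mov dword [...], imm32` stores instead of
    copying it from memory."""
    word_bytes = [struct.pack("<I", w) for w in words]
    hits = []
    for m in re.finditer(re.escape(word_bytes[0]), blob):
        region = blob[m.start(): m.start() + window]
        if all(wb in region for wb in word_bytes[1:]):
            hits.append(m.start())
    return hits


def chacha_indicators(blob: bytes) -> dict[str, list[int]]:
    """Every ChaCha-shaped indicator found; an empty dict means none."""
    found: dict[str, list[int]] = {}
    for name, const, words in (("sigma", SIGMA, SIGMA_WORDS), ("tau", TAU, TAU_WORDS)):
        literal = find_literal(blob, const)
        if literal:
            found[f"{name}_literal"] = literal
        # a whole literal also satisfies the immediate check; report it once
        immediate = [o for o in find_immediates(blob, words) if o not in literal]
        if immediate:
            found[f"{name}_immediate"] = immediate
    return found


# --- Constructed sample "binaries" (deterministic filler, not real malware) ---
FILLER = bytes(range(256)) * 4  # 1024 bytes with no ChaCha-shaped byte runs

# Case 1: constant kept whole in a data section.
SAMPLE_RODATA = FILLER + b"\x00" * 16 + SIGMA + FILLER


def mov_dword_rdi(disp: int, imm: int) -> bytes:
    """x86-64 `mov dword [rdi+disp8], imm32` (C7 47 disp imm32), used only to
    build a realistic-looking inlined-constant sample."""
    return b"\xc7\x47" + bytes([disp]) + struct.pack("<I", imm)


# Case 2: constant inlined as four stores into the state buffer.
SAMPLE_CODE = FILLER + b"".join(
    mov_dword_rdi(4 * i, w) for i, w in enumerate(SIGMA_WORDS)
) + FILLER

# Case 3: nothing ChaCha-shaped at all.
SAMPLE_CLEAN = FILLER * 3


if __name__ == "__main__":
    for label, blob in (("rodata", SAMPLE_RODATA), ("code", SAMPLE_CODE), ("clean", SAMPLE_CLEAN)):
        print(f"{label:7s} {chacha_indicators(blob)}")
```

Run it as a script and it reports an offset for the first two samples and nothing for the third. In practice you would feed it the dumped sections of a suspect binary (or turn the same two byte patterns into a YARA rule); a packed or obfuscated sample will hide the constant until it is unpacked, so a miss proves less than a hit.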

Unlike run-of-the-mill lockers, this new Cicada3301 leans on the data it steals as much as on the encryption: it exfiltrates, then threatens to publish or sell the haul on dark web marketplaces if the victim does not pay. That makes the theft, not the encryption, the more damaging half of the attack, because restoring from backup does nothing about data that has already left the building.
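Before any exfiltration comes initial access, and the Brutus tie-in above is about exactly that: brute-forced VPN credentials. Below is an added example of mine (not from the article or from any vendor) of the detection logic a SOC would run over VPN authentication logs to catch that stage. The log format, the thresholds and the IP addresses are all assumptions; the sample lines are constructed in the script, not taken from any real appliance. It distinguishes three patterns per source address: many failures in a window (brute force), failures spread across many distinct accounts (password spraying), and a success that follows repeated failures on the same account, which is the one that means the guess worked.

```python
"""Brute-force / password-spray detection over VPN auth logs (added example, constructed data)."""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed, vendor-neutral VPN auth lines (syslog-ish); assumed format, not a real product's.
SAMPLE_LOG = "\n".join(
    # one source hammering one account, then getting in
    [f"2024-08-27T02:14:{5 * i:02d}Z vpn auth-fail user=jsmith src=203.0.113.45" for i in range(10)]
    + ["2024-08-27T02:15:00Z vpn auth-ok user=jsmith src=203.0.113.45"]
    # one source trying a password across many accounts (spray)
    + [
        "2024-08-27T02:20:00Z vpn auth-fail user=abrown src=198.51.100.7",
        "2024-08-27T02:20:30Z vpn auth-fail user=cdavis src=198.51.100.7",
        "2024-08-27T02:21:00Z vpn auth-fail user=efox src=198.51.100.7",
        "2024-08-27T02:21:30Z vpn auth-fail user=ghill src=198.51.100.7",
        "2024-08-27T02:22:00Z vpn auth-fail user=ijones src=198.51.100.7",
        "2024-08-27T02:22:30Z vpn auth-fail user=klee src=198.51.100.7",
    ]
    # a user fat-fingering once and then succeeding: must stay quiet
    + [
        "2024-08-27T02:30:00Z vpn auth-fail user=alice src=192.0.2.10",
        "2024-08-27T02:30:20Z vpn auth-ok user=alice src=192.0.2.10",
    ]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn auth-(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


class Event(NamedTuple):
    ts: datetime
    ok: bool
    user: str
    src: str


class Alert(NamedTuple):
    kind: str        # brute_force | password_spray | success_after_failures
    src: str
    users: list[str]
    count: int       # failures that triggered the alert
    at: datetime


def parse(log: str) -> list[Event]:
    """Parse lines into events, oldest first; lines that do not match are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(Event(ts, m["result"] == "ok", m["user"], m["src"]))
    return sorted(events, key=lambda e: e.ts)


def detect(events: list[Event], window: timedelta = timedelta(minutes=10),
           fail_threshold: int = 8, spray_users: int = 5,
           fails_before_success: int = 3) -> list[Alert]:
    """One alert per (source, kind). Thresholds are assumed values; tune per site."""
    alerts: list[Alert] = []
    by_src: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)
    for src, evs in sorted(by_src.items()):
        fails = [e for e in evs if not e.ok]
        raised: set[str] = set()

        def raise_once(kind: str, users: set[str], count: int, at: datetime) -> None:
            if kind not in raised:
                raised.add(kind)
                alerts.append(Alert(kind, src, sorted(users), count, at))

        # sliding window over this source's failures
        for i, e in enumerate(fails):
            recent = [f for f in fails[: i + 1] if e.ts - f.ts <= window]
            users = {f.user for f in recent}
            if len(recent) >= fail_threshold:
                raise_once("brute_force", users, len(recent), e.ts)
            if len(users) >= spray_users:
                raise_once("password_spray", users, len(recent), e.ts)
        # a success preceded by repeated failures on the same account: the guess worked
        for e in evs:
            if e.ok:
                prior = [f for f in fails
                         if f.user == e.user and timedelta(0) <= e.ts - f.ts <= window]
                if len(prior) >= fails_before_success:
                    raise_once("success_after_failures", {e.user}, len(prior), e.ts)
    return alerts


if __name__ == "__main__":
    for a in detect(parse(SAMPLE_LOG)):
        print(f"{a.at:%H:%M:%S} {a.kind:23s} src={a.src:14s} fails={a.count:2d} users={a.users}")
```

On the constructed input this raises a spray alert for 198.51.100.7, a brute-force alert for 203.0.113.45, and then the one that matters, success_after_failures for the same source, while the single typo from 192.0.2.10 stays silent. Page on the third kind and treat the first two as tuning input: an internet-facing VPN without MFA is sprayed constantly, and an account that logs in right after a run of failures is the signal that a credential has been guessed and needs to be reset and its sessions killed. It is also the reason paying a ransom does not end the story: the password that let them in is still valid afterwards.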

Pay Up, Get Hit Again: The Ransomware Groundhog Day

If you thought paying ransom would solve your problems, think again. A recent survey of nearly 1,000 IT and security pros reveals a troubling trend: organizations are getting hit with ransomware repeatedly. According to the Insurance Journal, a whopping 74% of respondents who faced ransomware attacks in the past year found themselves under assault more than once—sometimes within mere days.

The financial fallout is no joke. A staggering 78% of these organizations paid the ransom, with 72% shelling out multiple times. And get this—33% ended up paying four or more ransoms! Despite forking over the cash, 87% of businesses still faced major disruptions, including data loss and extended downtime. In some grim cases, the stakes were high enough to risk lives.

Moreover, 35% of those who paid the ransom didn’t even get a working decryption key. Talk about adding insult to injury. Halcyon’s report backs this up, showing ransomware attacks are not only frequent but severe, with 18% of respondents facing ten or more infections. Data exfiltration is now a common tactic, with about 60% of organizations reporting stolen sensitive data and many being asked to pay extra to prevent data leaks.

Despite these red flags, many businesses are still overly confident in their defenses. While 88% believed their security measures could handle ransomware, over a third were attacked multiple times. Furthermore, 62% of organizations experienced severe operational disruptions lasting from two months to over six months.

The report highlights that even with prevention tools in place, ransomware defenses are lacking. Among those who paid ransoms, 78% received decryption keys that were essentially doorstops (the two surveys differ sharply on this figure, 35% above versus 78% here, so treat the exact number as soft and the direction as the point), and 59% spent over $1 million on incident response. To top it off, 39% of organizations saw their cyber insurance premiums skyrocket after an attack, making the financial hangover from ransomware even worse.

So, if you're thinking about paying up, remember: it's not a magic fix. The payment buys a key that may not work, does nothing about the copy of your data already sitting on the attacker's server, and does not close the door they walked in through. Unless the initial access and any persistence are found and removed, you might just end up in an endless loop of ransomware woes.

About the Author:

Online Security Expert Todd Laff reviews online hacks and security issues and how to protect yourself and secure your network.