Hollywood Presbyterian Medical Center Held Hostage by Hackers

This week, we hear the latest on the #OpAfrica leak and the ransomware affecting Hollywood Presbyterian Medical Center's internal network.

Breach

Hackers leak more sensitive information as a part of #OpAfrica

World Hacker Team, a group associated with the Anonymous hacker collective, has leaked sensitive information of over 5,800 employees of the South African Department of Water Affairs. The leaked information includes names, phone numbers, login credentials, addresses, emails, ID numbers, as well as sensitive financial data and details of projects. This attack is just one part of Operation Africa (#OpAfrica) that is purportedly about “a disassembly of corporations and governments that enables and perpetuates corruption on the African continent,” according to Anonymous.

The hacktivists also gained access to the site’s administration panel, where they were able to change users’ details, content, and even statistical and historical data regarding water quality measurements. Other recent attacks by hackers in Africa include the mass defacement of 2,532 websites running on servers at Webafrica, a local web hosting provider, and the leak of 64,000 employee records from the Tanzania Telecommunications Company Limited.

References: Anonymous Hacks South Africa's Department of Water Affairs | Dept of Water Affairs Springs a Leak As Anonymous Open Taps | Anonymous Hacks and Leaks South African Government Data

Mitigation Strategies:

Malware

Hollywood Presbyterian Medical Center held hostage by hackers

Hollywood Presbyterian Medical Center in Los Angeles reported that its computer system has been down for over a week due to ransomware that ended up on its internal network. The hackers have demanded a ransom of $3.6 million to unlock the computers and restore the files.

The ransomware also affected some critical emergency room equipment, forcing the hospital to transfer patients to other nearby hospitals. The LAPD, the FBI, and IT professionals hired by the hospital are investigating how the malware was placed on the network and the extent of the damage. Allen Stefanek, CEO and President of Hollywood Presbyterian, assured patients that their privacy has not been compromised and that there was no evidence of extraction of sensitive patient or employee information.

References: Cyber Criminals Demanded $3.6 Million After a Ransomware-Based Attack Takes Offline the Systems at the Hollywood Presbyterian Medical Center | Hollywood Hospital Hit with Ransomware: Hackers Demand $3.6 Million as Ransom | Hollywood Hospital Held to Ransom by Hackers

Mitigation Strategies:

Top 20 IP Addresses


*IP addresses provided by Recorded Future.