Data from Sophiahemmet is sold online after a major hacker attack

Ransomware group Medusa wants a million dollars for data stolen from Sophiahemmet.

Schedules, financial data and personal data – and everything can be bought. After the ransomware attack against Sophiahemmet, sensitive information is out for sale on the darknet.

On the night of Tuesday, February 27, a major hacker attack was discovered targeting the private hospital Sophiahemmet in Stockholm.

In a TT interview shortly after the attack, Sophiahemmet's chief physician said that at the time there was no indication that data had been stolen.

– We were prepared to the same extent as other prepared organizations can be. It is a well-known phenomenon of hacker attacks, but it is unfortunate that it happens, said Marie Wickman Chantereau.

The demand: One million dollars in ransom

But now the ransomware group Medusa has taken responsibility for the IT attack and published a post on the darknet showing that the group is blackmailing Sophiahemmet. The people behind Medusa write that they want one (1) million US dollars in ransom for the stolen data – otherwise it will be put up for sale.

IT security specialist Karl-Emil Nikka assesses that Medusa's claims are credible.

– There is no doubt that Medusa has obtained the data, and that they are now threatening to leak it, he says to Ny Teknik.

Published file overview on the darknet

In the post, Medusa has also published what is called proof of compromise – that is, evidence in the form of a file overview that shows what kind of information the group has obtained. Exactly how much information is involved is not clear at the moment, but it involves large amounts of files and data.

– I can see that they have a lot of Excel files, for example. These contain, among other things, schedules and what could be sensitive personal information about employees, says Karl-Emil Nikka.

Sophiahemmet is one of Sweden's oldest private hospitals. Archive image.

Ny Teknik has reviewed content from Medusa's darknet posts. These show, among other things, supplier information, customer data and what may be patient data.

Sophiahemmet: Trying to find out what it's about

Sophiahemmet confirms to the news agency TT that the hospital has been contacted by the hacker group. The contact came in the form of a message with a screenshot in which Medusa writes that the group is sitting on data from what is called “Sophiahemmet university”.

Ny Teknik is seeking comment from the hospital, but assesses that the message is likely the same one that has also been published in Medusa's post on the darknet.

– We are investigating with all our resources and together with Region Stockholm's IT experts to find out what it is all about. As soon as we know that, we can become more active and act, says Pia Hultkrantz, communications manager at Sophiahemmet, to TT.
