
University Hospital New Jersey hit by ransomware, 48,000 files leaked - axsharma
https://www.bleepingcomputer.com/news/security/university-hospital-new-jersey-hit-by-suncrypt-ransomware-data-leaked/
======
forgotmypw17
to counter cloudflare's js gatekeeping:

University Hospital New Jersey hit by SunCrypt ransomware, data leaked

By Ax Sharma, September 16, 2020 01:39 PM

University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document
data breach after a ransomware operation leaked their stolen data.

Established in 1994, the University Hospital is a New Jersey state-owned
teaching hospital that provides medical care to residents.

The hospital runs on a $626 million budget and has over 3,500 employees, 519
licensed beds, and over 172,000 annual outpatient visits.

Sensitive info leaked after a ransomware attack

The SunCrypt ransomware operation has leaked data allegedly stolen from UHNJ
in a September ransomware attack.

SunCrypt is a ransomware operation that began its activities in October 2019
but was not very active. Over the past few months, they have become much more
active since releasing a dedicated leak site.

While BleepingComputer has not corroborated all of the attacker's claims, the
data seen by BleepingComputer does appear to belong to UHNJ.

Of the 240 GB of data allegedly stolen from University Hospital New Jersey,
the attackers have leaked a 1.7 GB archive containing over 48,000 documents.

[Image: Alleged data leak for University Hospital New Jersey]

This data leak includes patient information release authorization forms,
copies of driving licenses, Social Security Numbers (SSNs), date of birth
(DOB), and records about the Board of Directors.

[Image: UHNJ Data leak]

Shown below is a partial image of one such record leaked in the dump, with
PII redacted:

[Image: An example patient information release form]

If you have first-hand information about this or other unreported
cyberattacks, you can confidentially contact us on Signal at +16469613731.

Employee infected with TrickBot prior to the attack

A source in the cybersecurity industry has told BleepingComputer that an
employee of UHNJ was infected with the TrickBot trojan at the end of August.

When a computer is infected with TrickBot, it usually leads to a full
compromise of the network with ransomware eventually being deployed.

TrickBot has historically been known to lead to Ryuk ransomware attacks and an
occasional Maze ransomware attack. Now TrickBot is predominately pushing the
Conti ransomware.

While Maze denies any affiliation with SunCrypt, the SunCrypt ransomware
operators have told BleepingComputer that they are part of the Maze Cartel.

Furthermore, when infecting a victim, SunCrypt will connect to an IP address
previously associated with Maze infections.

The SunCrypt operators may have also partnered with TrickBot to provide access
to compromised networks, such as the network of UHNJ.

BleepingComputer has reached out to UHNJ multiple times but did not receive a
response to our emails and calls.

