REvil Hacker Group Hits Las Vegas Hospital in Cyberattack

Scans of driver’s licenses, social security cards, and passports stored on a server of a Las Vegas hospital were posted on the dark web Monday by the hacker group REvil.

On Tuesday, the University Medical Center (UMC) told the Las Vegas Review-Journal that it had experienced a criminal data breach. After being asked about the documents on REvil’s site, the hospital released a statement to the Review-Journal that hackers had infiltrated the affected hospital server in mid-June.

The hospital also said law enforcement was investigating the breach. Reportedly, there was no evidence that clinical systems were accessed in the attack, but patients and employees were notified their personal information was compromised, the statement said. The hospital said it would offer free identity protection and credit monitoring services to those exposed, according to the News-Journal.

“The Happy Blog” Ransom Site

REvil typically posts proof of information stolen during data breaches to its dark web onion site, “The Happy Blog.” If a ransom isn’t paid in full, the hacker group often threatens to post all the information there publicly as well.

On Monday, REvil put up its most recent post. Under a short description of the hospital and the UMC banner, the group posted the driver’s licenses, passports, and social security cards of about six individuals — sometimes two forms of ID for each person. This was a sample of the information it claims was stolen in the data breach.

Though the hospital hasn’t clarified whether or not there was a ransom demand, that’s usually the next step in ransomware attacks.

A ransomware attack occurs when hackers use malware to infiltrate a network. This is usually through an employee misstep — like mistakenly clicking a malicious link. The malware then gets to work on retrieving sensitive data for the hackers, encrypting the network’s files and locking up the system. The hackers demand a ransom in exchange for a key that unlocks the files, and to stop releasing the private information.

A Long Trail of Victims in REvil’s Wake

The University Medical Center is just the latest in a long list of ransomware victims. REvil turned out to be one of the highest-profile and most prolific ransomware gangs of 2021. Since the beginning of the year, REvil has claimed more than 50 new victims. And that’s just what’s been reported. Cybersecurity company eSentire stated in a report that “the victims we hear about publicly are a mere drop in the bucket compared to the actual incidents,” and that most cases never make it to the public.

The hacker group not only focuses on healthcare organizations like UMC, but also manufacturers, transportation and logistics companies, and construction firms. In recent months, they’ve been aiming at bigger targets.

One of the world’s largest meat suppliers, JBS Foods was attacked with REvil ransomware in May. The FBI attributed this cyberattack to the gang, which shut down JBS’s beef plants and caused massive disruptions at its poultry and pork plants. JBS reportedly ended up paying $11 million Bitcoin ransom.

REvil demanded the highest ransom payout ever recorded from electronics giant Acer. The group sought $50 million in Bitcoin ransom following the cyberattack, though REvil said it would double the ransom to $100 million if it wasn’t paid by late March. Acer hasn’t provided updates on whether the payment was made or not.

Ransomware Insurance Premiums Surge

REvil isn’t the only active ransomware gang. Between REvil, Ryuk, Clop, Darkside, Avaddon, and countless others, ransomware attacks continue to rise. As these cyberattacks surge, so does the demand for cyber insurance coverage, and its price.

In a recent report from VPNOverview, we discovered that ransom payments increased 337 percent to over $400 million in 2020. Since the start of 2021, ransomware hackers have extorted more than $81 million this year alone. Again, that’s just “a drop in the bucket” compared to what’s actually happening.

If a company is properly covered by cyber insurance, insurers have to cover many of these payments, and losses are heavy. A recent report from Hiscox showed insured cyber losses of $1.8 billion in 2019, up 50% year over year. One in six firms said the attacks could have put them out of business. Hiscox also reported that more cybercriminals were active now than in 2019.

Jerome Powell, Chair of the Federal Reserve, has said cyberattacks like these are currently the biggest threat to the American economy.