Jordanian Hospital's Medical Data Put Up for Auction: Rhysida Asks 10 Bitcoins

Abdali Hospital becomes victim of Rhysida hacker group

Abdali Hospital, located in the modern Al-Abdali district of Amman, Jordan, has become another victim of the Rhysida hacker group. It is a multidisciplinary clinic that provides medical services in many areas. The hospital offers a wide range of specialties including orthopedics, rheumatology, gynecology, urology, endocrinology, neurology, nephrology, pulmonology, therapy, oncology, infectious diseases, and anesthesiology. Aesthetic services such as plastic surgery and dermatology are also available, as is the Center for Women’s Health.

Recently, the hackers published screenshots of stolen medical documents and identity certificates on the darknet as evidence of the attack. The data has already been put up for auction with a minimum price of 10 bitcoins. The announcement on the hacker group’s website states that interested parties have only 7 days to purchase the exclusive and unique data, with resale strictly prohibited.

Rhysida claims that after 7 days, the stolen information will be made publicly available. This follows the group's previous attacks, including those on King Edward VII's Hospital in London, the British Library, and the China Energy Engineering Corporation (CEEC).

Rhysida has been operating since May 2023 and has targeted at least 62 companies in various sectors such as education, healthcare, manufacturing, IT, and the public sector. Last week, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning about the threat posed by this group. The warning also describes the methods used by Rhysida and the associated indicators of compromise.

The group operates under the “Extortion as a Service” model (Ransomware-as-a-Service, RaaS), in which it rents out its tools and infrastructure for ransom attacks. The group and its affiliates profit from the ransoms received.

The hackers exploit vulnerabilities in external remote services such as VPN and RDP, as well as compromised credentials, to gain access to systems. They have also been known to use the Zerologon vulnerability in phishing attacks and rely heavily on the network tools built into operating systems.
