A second ransomware group has claimed that it has attacked MCNA, breached its network and taken data for ransom.
MCNA hacked again on June 14?
The Snatch ransomware group posted on its dark web portal on June 14 that it had gained access to MCNA’s data. The notice states that “your presence at this page means that we obtain your sensitive information and in case of your silence and refuse to bear responsibility all of this data will be published no matter how important and confidential it is.”
The page indicates that the group has 602 GB of MCNA data.
We thank Tammy Anthony Baker, a security consultant of the NOIT Group, for passing this along to us.
How they gain access
According to Picus Security, this ransomware group’s modus operandi is as follows:
“Snatch ransomware is a stealthy malware that utilizes publicly available and built-in tools for its malicious activities. Since Windows does not often run endpoint protection mechanisms in Safe Mode, Snatch ransomware avoids detection by forcing infected hosts to reboot into Safe Mode. The Snatch ransomware group uses the double extortion method; accordingly, the payload is made of ransomware and data stealer components. Threat actors use automated brute-force attacks against vulnerable applications in the target organizations. Also, the Snatch ransomware operators also use their affiliate partners to gain initial access to corporate networks.”
Tremendous consequences to clients
The seriousness of a possible second breach of personal health information for millions of clients is staggering, not to mention the possible calamity for network dentists whose personal information has also been stolen. The increase in the possibility of identity theft for all those individuals can only be termed a nightmare.
Needless to say, we don’t know the extent of the apparent breach, but at 602 GB of data, it would be substantial.
TDMR has attempted to contact MCNA to confirm or deny this claim. We hope it is not true.
Hackers being hacked
Despite the seriousness of this situation, there is a bit of karma here.
Apparently, like sharks turning and feeding on an injured compatriot, these ransomware groups are concerned about other hackers impersonating them to extort the ransom from the victim. How ironic it would be for the victim to pay someone else after all their hard criminal blackmail work. Just read this notice:
“All negotiations are conducted in the chat of our service. All other attempts to negotiate on our behalf, with the exception of initial calls to companies, are fraudulent. If you pay fraudsters, we do not accept any responsibility for their actions and will not comply with the terms of the contracts concluded by you.”
If you can’t trust a hacker to be who he says he is, you just can’t trust anybody these days.
JUNE 14 NOTICE OF RANSOM OF MCNA DATA