iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Hackers offer up more than three terabytes of data, including driver’s licenses, insurance cards, and Social Security numbers, for sale on the dark web.
The Rhysida ransomware gang claims to have stolen in excess of three terabytes of data from Kansas-based healthcare provider the Sunflower Medical Group.
The hackers made the claim overnight in a post to its darknet leak site.
“With only seven days to spare, take the opportunity to bet on exclusive, unique, and impressive data,” Rhysida said.
“More than 400 thousand driver’s licenses, insurance cards, social security numbers. SQL base is more than 3TB. Open your wallets and get ready to buy exclusive data. We sell only to one person, no resale, you will be the only owner!”
The post includes a link to contact the hackers, adding: “Leave your mail and comment. We cannot answer if your price looks like a joke.”
Rhysida also shared a collage of a selection of the allegedly stolen data, which does appear to include several driver’s licenses and personal insurance details.
The current asking price for the data is 10 bitcoins, which at current market rates translates to just shy of US$10 million.
Cyber Daily has reached out to the Sunflower Medical Group for comment on the alleged incident.
Once the initial deadline to purchase the data has passed, Rhysida typically starts publishing the data in discrete portions, offering further chances to purchase the unpublished data until the entire dataset is published for anyone to download at no cost.
Rhysida is a relatively active ransomware-as-a-service operation and responsible for 165 cyber attacks since it began operating in January 2023. The group is purely financially motivated and has been observed communicating internally using the Russian language. The group also does not target organisations within Russia and the wider Commonwealth of Independent States.
Rhysida has a history of targeting the healthcare sector. In August 2023, the gang attacked healthcare organisation Prospect Medical Holdings, causing disruptions across 17 hospitals and 166 clinics in the United States. That attack saw 500,000 Social Security numbers, medical data, and passport details posted for sale on the gang’s leak site.
The gang’s most recent Australian victim was the Sydney-based aged-care agency Daughterly Care, which was listed on Rhysida’s leak site in September 2024.
The Sunflower Medical Group operates four health clinics and serves 13 cities in the state of Kansas. Its services include primary and urgent care, obstetrics and gynecology, laboratory tests, X-rays, EKGs, and ultrasounds.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
