Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Threat actors have claimed a ransomware attack against an Australian medical imaging firm, claiming to have exfiltrated sensitive data.
INC Ransom listed independent radiology practice Spectrum Medical Imaging on its dark web blog this week, threatening to publish exfiltrated data in four days.
According to the listing, INC Ransom has exfiltrated financial and customer data, a claim that the group has backed up with sample screenshots, which include documents with names, medical information and more.
Speaking with Cyber Daily, Spectrum Medical Imaging said that it was unaware of the incident and had not been contacted by the group.
It also said that in the event of a ransomware incident, its policy is not to pay.
This is an ongoing story. Cyber Daily will provide updates as the incident develops.
INC Ransom has listed a number of Australian organisations over the last few months. In November, the group listed the Victorian laser-cutting firm AC Laser.
Speaking with Cyber Daily, AC Laser confirmed the incident, saying that two months prior to the listing, it detected unauthorised activity on its network.
“Close to two months ago, a breach was detected in the early morning,” said a company spokesperson.
“Whilst it was still in progress, our companies’ servers and systems were all immediately disconnected, interrupting the hack.
“With the help of IT specialists and a comprehensive backup procedure, we were able to fully recover all data.”
Despite the incident occurring in September, INC Ransom listed the Aussie firm on its dark web leak site on 23 November.
While it did not specify what was allegedly exfiltrated in the incident, it posted a sample of the company’s data, which largely contained internal business documents such as tax invoices, meeting minutes, analytics, and file trees.
One sample document showed names, email addresses, mobile numbers and work phone numbers.
That same month, ATF Services confirmed that INC Ransom had breached its network and exfiltrated one terabyte of data.
The gang listed ATF as a victim on its darknet leak site on 23 November, when it shared details of the hack and several documents to prove its claim.
“We have 1 TB data of this company,” a spokesperson for the gang said, alongside the proof-of-hack documents.
These include screenshots of file structures and folders, internal contact lists, loan and tax documents, details of debtors and creditors, customer data, and earnings forecasts.
INC Ransom has not listed a ransom demand nor a ransom deadline. According to a counter on the leak site, the details of the hack have been viewed 400 times at the time of writing.
ATF Services has confirmed that it is aware of the incident.
“ATF Services is aware of a recent cyber incident that occurred in early October 2024,” an ATF Services spokesperson told Cyber Daily.
Be the first to hear the latest developments in the cyber industry.
