🚨 Nova ransomware gang demanded $30M from Clinical Diagnostics/Eurofins to not leak 480k+ people's sensitive medical data. Allegedly received $50k. Unsatisfied, they now demand more. 
We're unaccustomed to seeing double or triple extortion from ransomware gangs, as it undermines their business model. Moreover, Nova misrepresented their reasons for demanding more, making them (surprise) an unreliable party.
The stolen data can harm many people. We were shocked to learn it includes reports of women's rape, with names, addresses, and numbers attached to documents.
Since Nova appears to be an unreliable ransomware gang, we doubt paying the ransom will secure the data, as there's no guarantee they'll delete it or won't demand more. However, Eurofins must attempt to reach an understanding if possible, given the high stakes.
Leaking this data could even lead to honor killings, causing some women's deaths. Some could face severe consequences for premarital sex.
We don't know how they gained an initial foothold in the Clinical Diagnostics company. However, we learned the breach was caused by one of Nova's partners, who activated Nova's Ransomware-as-a-Service (RaaS).
Nova allegedly infiltrated systems for a month to extract data before deploying ransomware. During this period, they found backup files in production environments and highly sensitive patient files in Excel documents, PDFs, database files, videos, and photos.
Once Eurofins detected the breach, they failed to notify anyone, including the authorities they were required to inform. A month passed before they disclosed it. During this time, some sample breach data was online.
How is this still rising?
@threadreaderapp unroll
• • •
Missing some Tweet in this thread? You can try to
force a refresh
