Planned Parenthood victim of a cyberattack

Planned Parenthood has become the target of a cyberattack. The US agency CISA is warning about the cybercriminals behind this and other incidents.


The non-profit organization Planned Parenthood, which offers medical abortion services among other things, was the target of a cyberattack on August 28. This was reported by various US media outlets. Planned Parenthood of Montana confirmed the incident to The Register, but did not provide any details, such as what data was affected. The investigation is still ongoing.


The ransomware group RansomHub claims to have infiltrated the organization's IT systems and threatened to release the 93 gigabytes of stolen data if payment was not made.


A day after the incident, on August 29, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about RansomHub, together with the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS).

Together, the authorities published an advisory as part of the "#StopRansomware" campaign. It contains information on numerous critical vulnerabilities, some of which are older and have already been exploited: CVE-2023-3519, CVE-2023-27997, CVE-2023-46604, CVE-2023-22515, CVE-2023-46747, CVE-2023-48788, CVE-2017-0144, CVE-2020-1472, CVE-2020-0787.

According to the advisory, the attackers gained access to the systems through phishing, insecure passwords and the exploitation of known vulnerabilities, among other things. According to CISA, the attackers used Curve 25519 for encryption, an elliptic curve (elliptic-curve cryptography, ECC) that is considered very secure. The cybercriminals leave a ransom note, which usually contains a client ID and instructions on how to contact the group via an onion link on the darknet. Victims then usually have up to 90 days to make a ransom payment.

As a precautionary measure, CISA recommends regularly installing updates for operating systems, software and firmware. In addition to training employees to recognize phishing attempts, the US cybersecurity agency stresses the importance of multi-factor authentication. SMS is explicitly not meant as the additional factor.

RansomHub regularly publishes new victims on its leak site and is also behind the attack on Christie's, for example. The group is also linked to ALPHV/Blackcat, which is no longer active.

(mack)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.