Cyber scum suckers hit cancer agency with ransomware, threaten to contact families

After an Indiana cancer service agency was hit with ransomware, attackers personally contacted executives and threatened to contact families if the $43,000 ransom wasn't paid.

Some cyber scum suckers sunk to an all-time low, hitting an Indiana Cancer Services agency with ransomware before threatening “to contact family members of living and deceased cancer clients, donors and community partners” if the $43,000 ransom was not paid.

Cancer Services of East Central Indiana-Little Red Door, an independent, non-profit agency based in Muncie, Indiana, became a victim of a ransomware attack a week ago. This is an organization whose goals include helping to “reduce the financial and emotional burdens of those dealing with a cancer diagnosis.”

The attackers did not leave the traditional ransom demand note, oh no, but chose to personally reach out to the agency’s executive director, president and vice president to make the extortion demands clear. This makes it seem more like a targeted attack and less of one that was a result of opportunity. It was also at least the second time that week that attackers attempted to ransom sensitive patient information.

While it seems a bit early for attribution, the public statement released by the agency credits an “international cyberterrorism organization” for the ransomware attack. Apparently the bad guys claimed to be with a specific cybercrime group. The statement, published in full on RTV6, reads:

Cancer Services of East Central Indiana - Little Red Door's terminal server and backup drive were hacked and all the agency's data was stripped, encrypted and taken for ransom by an international cyber terrorism organization on Wed. January 11, at approximately 10pm. Staff and the Board of Directors were made aware of the 50 Bitcoins ($43,000 US) ransom demand the following evening, Thursday Jan. 12.

Communicating first via text message to the personal cell phones of the Executive Director, President and Vice President, then through a “form letter” and several detailed emails, the self-identified dark web organization issued threats of extortion and also threatened to contact family members of living and deceased cancer clients, donors and community partners.

The staff and Board of Directors took immediate action to notify those affected by the security breach, relaying directives from the FBI, “not to open any suspicious email, link, to not engage with the cyber terrorists, not respond to ransom demands and report communication from them to the agency and/or law enforcement.” The FBI agents assigned to the agency's case noted the unusual and pervasive nature of the attack, focusing on the contact made through personal cell phone numbers and noted the sudden surge in ransomware attacks.

Executive Director Aimee Fant said the agency is working with the FBI and “will not pay a ransom when all funds raised must instead go to serving families, all stage cancer clients, late stage care/hospice support and preventative screenings.”

According to the Little Red Door’s website, “All services directly offered by Cancer Services of ECI – Little Red Door are free and available to anyone with a cancer diagnosis residing in Delaware, Blackford, Henry, Jay, Madison, or Randolph Counties.”

The attack prompted Michael Wolfe, CTO and VP of Ontario Systems, to reach out with safety tips to other non-profit agencies. You can read his advice on the Muncie Journal. It might help prevent becoming a victim of cyber-served blackmail and a security breach, which puts patients at risk.

As a side note, there has apparently been some confusion, so a Facebook post made it clear that the Little Red Door that was hit with a ransomware attack is not the same non-profit as the Little Red Door Cancer Agency in Indianapolis; the latter (not affiliated with the former) was not attacked.

SUBSCRIBE! Get the best of CSO delivered to your email inbox.