Ragnar Locker claims attack on Israel’s Mayanei Hayeshua hospital

Healthcare data

The Ragnar Locker ransomware gang has claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital, threatening to leak 1 TB of data allegedly stolen during the cyberattack.

The cyberattack on Mayanei Hayeshua occurred in early August, disrupting the hospital’s record-keeping system and preventing new patients from receiving care.

Yesterday, security researcher MalwareHunterTeam noted that the Ragnar Locker ransomware group claimed responsibility for the attack, creating a new page for the hospital on their data leak site.

Mayanei Hayeshua data leak page
Mayanei Hayeshua data leak page

The entry on the data leak site contains a message from the threat actors, claiming that they did not encrypt devices due to the victim being a hospital but did steal data from the organization.

“First of all, we want to emphasize that since this is a medical institution – we didn’t run any encryption to avoid equipment malfunctions, or necessary instruments,” reads the Ragnar Locker data leak site.

“However, serious vulnerabilities allows us to download a lot of data and someone else in our place could use such vulnerability in any other way.”

The threat actors have now published 420 GB of allegedly stolen data, warning that further data would be published over the next week.

Ragnar Locker claims to have stolen sensitive information during the attack, including medical records, procedure information, and drug prescriptions.

In a Mayanei Hayeshua ransom note from the attack seen by BleepingComputer, the threat actors claim that they stole 1TB of data, including a SQL database and emails.

BleepingComputer contacted Mayanei Hayeshua to confirm if the stolen data belonged to their organization but did not receive a response.

Hospitals make for high-value targets due to the highly sensitive nature of their medical records and data collected from patients requiring healthcare. This stolen data is then used as leverage to extort hospitals for significant ransom demands.

Over the past couple of months, we have seen an increase in ransomware and extortion gangs targeting hospitals, with both Prospect Medical Holdings in the USA and Madeira Health Service (Sesaram) recently targeted by Rhysida.


Original Source



A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.