Attack From Keralty Ransomware Affects Colombia's Healthcare System

The websites and business activities of the international healthcare group Keralty and its subsidiaries were affected by a RansomHouse ransomware attack on Sunday. The Colombian healthcare company Keralty has a global network of 12 hospitals and 371 medical facilities across Latin America, Spain, the United States, and Asia. More than 6 million patients are served by the group’s 24,000 employees and 10,000 doctors.

The company also provides additional healthcare services via its subsidiaries, Colsanitas, EPS Sanitas, and Sanitas USA. Keralty and its affiliates EPS Sanitas and Colsanitas experienced disruptions in their IT operations, the planning of medical appointments, and their websites during the past few days. Colombia’s healthcare system has been affected by IT disruptions. According to local media, patients had to wait more than twelve hours in line to obtain care, and some fainted from a lack of medical attention.

On Monday, Keralty acknowledged having technical problems but could not specify what was causing them. According to the company’s recently released statement, the disruption was brought on by a cyberattack on Keralty’s network, which resulted in technical issues with their IT systems.

According to a statement from Keralty, the computer servers of the Keralty Group firms were the target of a cyberattack, which led to technical issues with their systems. “From the moment it was identified, we have been working 24 hours a day, both from the technological team and from the medical and administrative team, to provide continuity of care to our members.”

“Likewise, from the beginning, this situation was brought to the attention of the competent authorities and the respective criminal investigation has been initiated. In order to maintain attention to our users, from Keralty we continue to implement the necessary contingency plans to maintain the service.”

The media has contacted the Keralty Group with inquiries about the attack, but no answer has been given so far. As first reported by Camilo Andrés García, a Twitter user named Alexánder tweeted a screenshot of a VMware ESXi server displaying a ransom note that begins “Dear Keralty,” indicating that the healthcare provider had been the target of a ransomware attack.

The RansomHouse ransomware organization, which initially dubbed its malware “White Rabbit,” has been identified as the source of this ransom note. The threat actors used the name “Mario” throughout their attacks on eight Italian towns as a nod to the Super Mario Bros. video game’s Italian hero. This new encryptor targets both Windows and Linux devices, appends the “.mario” extension to encrypted files, and drops ransom notes named “How To Restore Your Files.txt”.

The RansomHouse threat actors claimed responsibility for a November 27th attack and the theft of 3 TB of data. The claim that any data was taken has not been proven. In the past, RansomHouse has claimed to have attacked AMD and ADATA and stolen their data. ADATA, however, denied having been hit by RansomHouse and said that the data came from a prior RagnarLocker ransomware attack in 2021.

About the author

CIM Team
