Nose jobs. Weight loss surgery. Breast enlargements. The Hospital Group does this type of work for many celebrities, and some data involving the surgeries has been leaked.

The UK cosmetic surgery chain is the victim of a ransomware attack by REvil, also known as Sodinokibi.

The Hospital Group confirmed their IT systems endured a security breach, and was forced to notify the Information Commissioner about the breach. They sent an email to all of their clients detailing the security incident.

They indicated no payment card details were compromised, but patients’ personal data was taken.

REvil ransomware has already published content on their Tor Network site. It is said between 600 and 900 GB of data have been stolen.

Clients impacted by this cyberattack are most worried about intimate photos being released. Because some clients haven’t told close family and friends about their particular surgery, they are concerned about this attack on The Hospital Group and what may have been exposed. Most pictures used by The Hospital Group do not contain the faces of clients, but this doesn’t necessarily mean it’s not plausible.

This week, REvil plans to post their first files, named “Pacient Personal – 20гб TMG OFFICIAL Documents – 50гб”. REvil hopes The Hospital Group will provide payments for the files to be deleted from the dark web sites.

REvil is a ransomware-as-a-service (RaaS) and has been active since April 2019. Their primary goal is to extort significant amounts of money from large organizations all over the globe.

Their name stands for Ransomware Evil, inspired by the Resident Evil movie series.

REvil grew after the closure of GrandGrab, a RaaS threat group.

SpearTip’s ShadowSpear® Memory Injection Prevention module would step in to prevent REvil ransomware attacks. Network defenders should apply these strategies and tools to avoid falling victim to REvil, though it usually begins with non-technical end-users.

Implementing user awareness training and phishing practices has proven to correct and improve an organization’s security posture tremendously. The weakest link is almost always the human element. Utilizing a trusted Endpoint Detection and Response (EDR) tool will put your organization on a higher level to protect your organization’s network.

Our cybersecurity professionals are always on alert for malware and manipulative programs by building cases on the threat groups and actors that are encountered on a daily basis. Our 24/7 Security Operations Center (SOC) is complete with certified security engineers to monitor and protect your environment.

Not only are they continuously preventing cyberattacks, but they can also deploy our proprietary tool, ShadowSpear® in your environment before or after an attack.