Ransomware operation LockBit has admitted to being behind a November cyberattack that disrupted the IT systems of Capital Health, a healthcare system that operates hospitals and clinics in New Jersey and Pennsylvania, BleepingComputer reports.
While Capital Health has reported that it has completed the recovery of impacted systems and that its investigation of potential data compromise is ongoing, LockBit revealed in a data leak site listing that it exfiltrated 7TB of medical data, which it would expose on Jan. 9 should Capital Health refuse to pay the demanded ransom of $250,000.
"We purposely didn't encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files," said LockBit on its leak site.
Healthcare organizations have been a primary target for LockBit, which has previously compromised New York-based Claxton-Hepburn Medical Center and Carthage Area Hospital, as well as Toronto-based SickKids Hospital. Germany's Katholische Hospitalvereinigung Ostwestfalen was also targeted with LockBit, although the ransomware gang noted that the hospital had been compromised by another group using its leaked ransomware builder.
BleepingComputer reports that KELA threat analysts observed the third iteration of Knight ransomware's source code being posted for sale on RAMP forums by the operation's representative, Cyclops.