What to know about cybercrime group Daixin Team

Published Nov 02, 2023  •  Last updated 9 hours ago  •  2 minute read

Illustration of network security data breach.  Photo by Smederevac /Getty Images/iStockphoto

The cybercrime organization believed to be responsible for the blackmail attack at five southwestern Ontario hospitals is known as Daixin Team, a financially motivated ransomware and data extortion group notorious for its strikes against the public health sector.

Although much remains unknown about the group, a report published by the American Cybersecurity and Infrastructure Security Agency said Daixin Team has been active since at least June 2022.

“They have likely found this to be a lucrative niche,” said Brett Callow, threat analyst at Emsisoft, a New Zealand-based software company which decrypts ransomware attacks. “They typically don’t try to monetize the actual information. They aren’t really interested in selling this for relatively small amounts of money. They want to obtain millions from the organizations they target.”  

According to a report published by Canadian software company BlackBerry Limited, Daixin Group does not exclusively target the health care sector, but since its inception it has acutely impacted these organizations by:

  • stealing electronic health records, personally identifiable information, and patient health information
  • compromising diagnostics, imaging, and intranet services

Daixin Team typically gains initial access to networks through vulnerabilities in VPN servers. Once inside the network, the group can:

  • compromise file integrity by rendering files unusable
  • threaten the public release of stolen data

“They will have made a monetary demand to the hospital,” said Callow. “There will be two parts. The first part is providing a cue to recover the locked systems. And the second part will be a pinky promise that they will delete the data that they stole. If the organizations they’ve targeted don’t pay, they start releasing that data on the dark web.”

Despite these promises, Callow said it is difficult to reverse the ripple effect of a cyber security attack of this scale.

“A data breach cannot be undone,” said Callow. “Once the information is out there it is effectively out there for good.”

In the meantime, Callow said individuals who want to protect their information can have their credit monitored, put a freeze on their credit cards and change their passwords.

mmazak@postmedia.com
