Data of 950,000 Users Compromised in BlackSuit Ransomware Attack

• An Atlanta-based software solution provider called Young Consulting was recently hit by a data break that exposed the data of 954,177 users.
• The BlackSuit gang has claimed responsibility for the attack and has already leaked a part of the stolen data on its portal.
• If their demands are not met, they have threatened to leak more sensitive information, including family details, medical records, contracts, contacts, etc.

Software solution provider Young Consulting (now Connexure) has been hit by a massive data breach that has exposed the data of nearly 954,177 people.

Affected users have already been notified about the incident, according to a confirmation sent by the company to the Maine Attorney General's Office.

As compensation, each affected user will get a year of free credit monitoring services by Cyberscout - for which they need to file a claim by November of this year.

About the Attack

The attack took place on April 10, 2024 and was discovered 3 days later on April 13 when the company noticed some technical difficulties within its environment.

As soon as the attack was discovered, the company took the affected systems offline to contain the breach. Next, it launched an investigation with the help of a cybersecurity forensics firm to determine the nature of the attack and extent of damage.

The investigation concluded on June 28 and it was revealed that a BlackSuit ransomware was behind the attack. However, even before the investigation was over, the threat actors had already claimed responsibility for the attack.

It was purely a financially motivated attack, as the group threatened to leak the data if its demands were not met. A few weeks later, after many failed extortion attempts, the threat actors leaked the data on their darknet-based extortion portal.

Unfortunately, not much is known about this group. Earlier this month, CISA and the FBI reported that it might be a rebrand of the Royal ransomware.

However, what's more concerning is that it has wreaked havoc in the US, making over$500 million in ransom demands in just the last two years.

About the Compromised Data

The compromised data belongs mostly to health insurer Blue Shield of California (primarily its customers on the health plan") and to a few other covered entities."

Data includes users' names, dates of birth, social security numbers, insurance policy/claim information, prescriptions, and provider names. We don't know who the other entities are, but Blue Shield of California has already notified its customers.

The group behind the attack has also threatened that they have more information (much more than what Young Consulting revealed in its notification) - and if its demands are not met, it will also leak the users' family details, employee passports, medical records, contracts, presentations, financial audits, and a lot more.

What Can the Affected Users Do Now?

First and foremost, affected users need to take up Young Consulting's free credit monitoring offer. Since a part of the stolen data has already been leaked, it will come in handy.

They should also be vigilant, stay away from suspicious emails and messages, as they can be phishing attempts, and keep an eye on their finances to ensure there's no suspicious activity.

Other than that, there's, unfortunately, nothing much to do except wait for the company and the authorities to dictate the next steps.

The post Data of 950,000 Users Compromised in BlackSuit Ransomware Attack appeared first on The Tech Report.