
Payload Ransomware claims breach of Royal Bahrain Hospital, threatens data leak


The Royal Bahrain Hospital (RBH), a prominent healthcare facility, has allegedly been breached by the Payload Ransomware group. The cybercriminal organization claims to have exfiltrated 110 GB of sensitive data and has added RBH to its Tor data leak site, presenting images as proof of the intrusion. The group has set a deadline of March 23 for ransom payment, threatening to release the stolen information if its demands are not met, according to a recent report by Security Affairs.

Payload Ransomware, a relatively new operation, employs a double-extortion tactic, combining data theft with file encryption to coerce victims. The group primarily targets mid- to large-sized companies in sectors like real estate and logistics, with a focus on emerging markets. Its ransomware uses ChaCha20 for encryption and Curve25519 for key exchange, and it also disables security measures and deletes shadow copies. Likely operating as a ransomware-as-a-service scheme, Payload maintains a Tor leak site to publish data from victims who refuse to pay.

Source: Security Affairs
