RansomHouse Attacks Dameron Hospital in the US

By Miklos Zoltan . 14 December 2023

Founder - Privacy Affairs

Fact-Checked this

RansomHouse attacked the Dameron hospital recently, managing to extract over 480 of confidential data. Everything was encrypted on the victim’s end and the attackers threatened to make everything public unless hospital representatives contact them.

RansomHouse made public important information regarding the hospital’s staff number and finances
The hit appears to be financially motivated, as is the case with all ransomware attacks
Unlike other ransomware actors, RansomHouse operates slightly differently, in the sense that they don’t encrypt the data; they simply steal it and demand a ransom to delete it
It is still unclear how the current situation is unfolding from the perspective of the Dameron hospital

RansomHouse performed a targeted and meticulous attack that managed to penetrate the hospital’s defense systems. This allowed the criminals to secure a massive package of data, slightly over 480 GB.

The data presumably contains information about the staff, clients, finances, and other private aspects that would qualify as sensitive. It is still unclear how the business has reacted to the breach.

Tweet showing the RansomHouse attack on the US hospital — https://twitter.com/FalconFeedsio/status/1735193515733446665

As stated in the ransom note itself, the Dameron hospital’s revenue is slightly over $153. This information is important because most ransomware actors, RansomHouse included, adjust the value of the ransom based on their victim’s worth.

Who is RansomHouse and How Do They Operate?

RansomHouse is a relatively new organization that dates back since December of 2021. Despite that, the group has been involved in a number of high-profile hits, with some of the victims including Keralty, AMD, and even the Vanuatu government.

Unlike most ransomware organizations, RansomHouse does not encrypt their victims’ data. Instead, they simply download as much as they can and ask for ransom in exchange for deleting it.

This approach makes their operations simpler, less complex, and less risky, which explains the group’s high success rate. Each failed extortion attempt leads to RansomHouse publishing the data they stole on their Tor website.

RansomHouse also has a Telegram group where they communicate with other hacking organizations and even anonymous individuals. The negotiations also differ from what you would expect from such a group.

Unlike other hacktivist groups who are simply motivated by financial gains, RansomHouse also appears to want to help the victims. This has become evident on several hits, especially that on AMD.

On that occasion, RansomHouse criticized AMD’s poor user login security and advised them on how to improve that. Also, it appears that the hackers always keep their word and delete any data and backdoors upon receiving the ransom.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

RansomHouse Attacks Dameron Hospital in the US

Who is RansomHouse and How Do They Operate?

Our Mission

Miklos Zoltan

Leave a Comment Cancel