The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization.
DaVita is a Fortune 500 kidney care provider with more than 2,600 U.S. dialysis centers, 76,000 employees in 12 countries, and an annual revenue exceeding $12.8 billion.
The healthcare company disclosed to the U.S. Securities and Exchange Commission (SEC) that on April 12 it suffered a ransomware attack that affected some operations. DaVita stated at the time that it was investigating the impact of the incident.
Earlier today, the Interlock ransomware gang claimed the attack on DaVita by adding it to the list of victims published on its data leak site (DLS) on the dark web.
According to the gang’s claim, they have around 1.5 terabytes of data from the healthcare company, or nearly 700,000 files of what appear to be sensitive patient records, information on user accounts, insurance, and even financial details.
The threat actor has published the files on their DLS, indicating that negotiations for getting paid by DaVita have failed. BleepingComputer did not review the contents of the files and could not validate their authenticity.
We have contacted the healthcare company once again for a comment on Interlock’s claims but a statement wasn’t immediately available.
If you have received care at a DaVita center and shared sensitive data with the organization, it is recommended to be vigilant for potential phishing attempts and report suspicious communications to the authorities.
Interlock is one of the newer gangs on the ransomware scene. It launched last September targeting Windows and FreeBSD systems.
Though it does not work with external affiliates, it is a relatively active and evolving threat that has taken responsibility for a dozen attacks. For many of the listed incidents, the threat actor claims to have stolen terabytes of data from the victim networks.
A report from cybersecurity company Sekoia last week presented a shift in Interlock’s tactics, who is now employing ‘ClickFix’ tactics to trick targets into infecting themselves with info-stealers and RATs, eventually leading to the deployment of the encryptor payload.
