Columbus Regional Healthcare System (CRHS), a non-profit organization in North Carolina licensed for 154 beds, has fallen victim to the Daixin ransomware group. The cyberattack occurred on May 18 when Daixin claims to have encrypted the hospital’s servers after exfiltrating data and deleting backups. In the aftermath, negotiations ensued between the ransomware group and CRHS, with Daixin initially demanding $2 million. Despite the hospital’s claim of financial constraints due to its non-profit status, negotiations broke down, leading to a reduced ransom demand of $1 million.
During the negotiation process, CRHS’s spokesperson explained the financial challenges of obtaining cyberinsurance quickly and asserted that the demanded amount exceeded what the hospital could afford. Daixin, familiar with such explanations from previous victims, remained unmoved. The hospital’s negotiator pointed out their non-profit status, emphasizing that all funds are allocated to operating costs. Despite a reduced ransom offer from Daixin, negotiations reached an impasse on June 6, with CRHS’s negotiator failing to return to the chat as promised.
Daixin, undeterred by the failed negotiations, revealed plans to leak over 250,000 files within the next day, claiming to have exfiltrated 70 GB of sensitive data. The ransomware group characterized the situation as expected, asserting that CRHS had no intention of paying from the beginning. Additionally, Daixin noted the professionalism of the hospital’s negotiator, who adeptly disguised themselves as a CRHS employee. The cybersecurity crisis at CRHS underscores the escalating challenges faced by organizations dealing with ransomware attacks and the potential consequences of failing to meet hackers’ demands.