The Oswaldo Cruz Foundation (Fiocruz), a renowned research institution, has fallen victim to a significant data breach orchestrated by the NoEscape ransomware group, leading to the encryption of its primary servers and exposing a massive 500GB of sensitive organizational data.
Furthermore, this breach, which came to light through a post on the dark web associated with the cybercriminal collective, has far-reaching implications due to Fiocruz’s pivotal role in advancing immunobiology and addressing health challenges.
Despite evidence of compromise, the organization’s management initially refuted the breach, raising concerns about the security of critical information.
The pilfered data from the Fiocruz breach includes critical documents, backups, databases, projects, legal documents, financial records, sensitive human resources data, and even reports related to sexual harassment. The breach has underscored the sophisticated operational methods of the NoEscape Ransomware Group, which stands out by using its own self-developed C++-based ransomware rather than relying on third-party tools. This group’s aggressive approach is evident in the unveiling of their Ransomware-as-a-Service (RaaS) initiative, designed to expand their reach by enlisting affiliates.
The NoEscape ransomware employs advanced techniques, including hybrid encryption using ChaCha20 and RSA algorithms, functioning within Windows Safe Mode, and utilizing asynchronous LAN scanning for identifying vulnerabilities.
Its wide compatibility across various systems and configurable encryption modes highlight its sophistication. The group’s triple-extortion technique, involving data encryption, ransom demands, and threats to publish compromised data, intensifies the pressure on victims to comply. The breach underscores the urgency of addressing ransomware threats and safeguarding critical data in institutions of vital importance like Fiocruz.
