Like other ransomware gangs, the Termite cybercrime group is involved in data theft, extortion, and encryption attacks. According to cybersecurity firm Trend Micro, the group uses a version of the Babuk encryptor leaked in September 2021 and is known to drop a "How To Restore Your Files.txt" ransom note on victims' encrypted systems.

The Termite ransomware gang has claimed responsibility for breaching and stealing sensitive healthcare data belonging to patients of Genea, one of Australia's largest fertility services providers. The IVF (in vitro fertilization) provider has been operating since 1986 (when it was known as Sydney IVF). It offers a wide range of services, including fertility treatments, tests, genetic services, preservation options, and donor programs, in 22 fertility clinics in New South Wales, South Australia, Western Australia, Melbourne, Canberra, and Queensland.

Termite is a ransomware operation that surfaced in mid-October, according to threat intelligence company Cyjax, and has since listed 18 victims from all over the world and various industry sectors on its dark web portal.

While Genea didn't attribute the attack to a specific threat group or cybercrime operation, the Termite ransomware gang claimed responsibility on Monday. The company said it obtained a court-ordered injunction to prevent the leaked data from being shared by others, and it's also working with the Office of the Australian Information Commissioner and the Australian Cyber Security Centre to investigate the incident.

In a new entry on its dark web leak site, the gang said it stole roughly 700GB of data and leaked screenshots of identification documents and patients' files allegedly stolen from Genea's network. The redacted court order reveals that the threat actors breached Genea's network on January 31, 2025, through a Citrix server.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 26 Feb 2025 13:35:17 +0000