CyberSecurityBoard
Sponsor Register Login

Interlock ransomware claims DaVita attack, leaks stolen data

The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization. The healthcare company disclosed to the U.S. Securities and Exchange Commission (SEC) that on April 12 it suffered a ransomware attack  that affected some operations. DaVita stated at the time that it was investigating the impact of the incident. Earlier today, the Interlock ransomware gang claimed the attack on DaVita by adding it to the list of victims published on its data leak site (DLS) on the dark web. According to the gang's claim, they have around 1.5 terabytes of data from the healthcare company, or nearly 700,000 files of what appear to be sensitive patient records, information on user accounts, insurance, and even financial details. If you have received care at a DaVita center and shared sensitive data with the organization, it is recommended to be vigilant for potential phishing attempts and report suspicious communications to the authorities. The threat actor has published the files on their DLS, indicating that negotiations for getting paid by DaVita have failed. BleepingComputer did not review the contents of the files and could not validate their authenticity. A report from cybersecurity company Sekoia last week presented a shift in Interlock’s tactics, who is now employing ‘ClickFix’ tactics to trick targets into infecting themselves with info-stealers and RATs, eventually leading to the deployment of the encryptor payload. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. For many of the listed incidents, the threat actor claims to have stolen terabytes of data from the victim networks. DaVita is a Fortune 500 kidney care provider with more than 2,600 U.S. dialysis centers, 76,000 employees in 12 countries, and an annual revenue exceeding $12.8 billion. We have contacted the healthcare company once again for a comment on Interlock's claims but a statement wasn’t immediately available.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 24 Apr 2025 15:00:13 +0000


Cyber News related to Interlock ransomware claims DaVita attack, leaks stolen data

Interlock ransomware claims DaVita attack, leaks stolen data - The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization. The healthcare company disclosed to the U.S. Securities and Exchange Commission (SEC) that on April ...
3 hours ago Bleepingcomputer.com
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
2 months ago Cybersecuritynews.com
Interlock ransomware gang pushes fake IT tools in ClickFix attacks - The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. Though this isn't the first time ClickFix has been linked to ransomware infections, ...
6 days ago Bleepingcomputer.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
2 weeks ago Cybersecuritynews.com
Kidney dialysis firm DaVita hit by weekend ransomware attack - Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. At the time of writing, there are no announcements on DaVita's website or social media ...
1 week ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
6 months ago Aws.amazon.com
Interlock Ransomware Employs Multi-Stage Attack Via Legitimate Websites to Deliver Malicious Browser Updates - In early 2025, the operators expanded their tactics by switching from browser update lures to security software updaters, masquerading as FortiClient, Ivanti Secure Access Client, GlobalProtect, and other security products. These fake updaters are ...
1 week ago Cybersecuritynews.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS
Ransomware Groups Gain Clout With False Attack Claims - The cybersecurity community is getting duped by fake breach claims from ransomware groups, experts say - and ransomware misinformation is a threat they predict will only grow in the coming months. The cybersecurity community should know that ...
1 year ago Darkreading.com
'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
9 months ago Bleepingcomputer.com Blacksuit
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
9 months ago Bleepingcomputer.com Blacksuit
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
1 year ago Bleepingcomputer.com LockBit Qilin Noescape
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com LockBit Akira
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
1 year ago Bleepingcomputer.com Rocke Hunters
US govt probes if ransomware gang stole Change Healthcare data - The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group subsidiary Optum, which operates the Change Healthcare platform, in late ...
1 year ago Bleepingcomputer.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com
Ransomware disrupts some operations of kidney dialysis company DaVita | The Record from Recorded Future News - Microsoft warned last month that ransomware attacks continue to be the primary concern for rural hospitals because of the disruptions to patient care and inability to pay ransoms compared to larger hospital networks. Kidney dialysis company DaVita ...
1 week ago Therecord.media
What is Extortionware? How is It Different From Ransomware? - Let's look at how extortionware works, how it compares to ransomware and why the threat of extortionware is likely to continue growing in years to come. Once access is gained, the victim's data is stolen and analyzed to identify information that can ...
10 months ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)