Iain Thomson reports:
HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what’s claimed to be stolen internal records unless a substantial ransom is paid.
Previously known as Virgin Care and now owned by Twenty20 Capital, HCRG runs child and family health and social services across the UK for the NHS and local authorities, with a workforce said to number 5,000. Its annual turnover to March 2023, its latest available figure, was just shy of £250 million ($315 million).
In an update on its dark-web site, the Medusa crew claimed it had stolen 2.275 TB of data from HCRG, and will either sell that information to a buyer for $2 million (£1.6 million), delete its copy of that info for the same amount, or leak it all online if no one pays up by February 27.
Read more at The Register.
If the claims and reporting are accurate, then Medusa has broken with its usual practice of encrypting and extorting victims as they reportedly did not lock HCRG’s systems or files.