Last week, it appeared that Clinical Diagnostics (“Eurofins”) had paid a gang’s demands not to leak patient data that Nova had exfiltrated during a ransomware attack in July. Clinical Diagnostics in the Netheralands held patient data on 485,000 Dutch women in a cervical cancer screening program. Nova confirmed the payment to a Dutch news outlet.
But yesterday, the attackers posted a new message and warning to the firm. The listing on Nova’s dark web leak site changed to “you break the deal, you will pay”. In an expanded post, Nova seemed to be saying they would leak the data in 10 days because the company had contacted the police (although DataBreaches notes that understanding their English is difficult and DataBreaches may have misunderstood something).. From the post’s broken English, they appeared to also be saying that they had received a higher offer than what the firm had offered.
So now the deal was off and Nova wants more money than they already received?
Today, someone claiming to be the admin and president of Nova issued another post, perhaps trying to clarify what they wrote yesterday. The first line was in English: “Nova Administration Comment: (there is not leak , the post was warn for deal breaking , don’t watch News lot , but anyway the admin will contact me , iam online in session)”
Perhaps recognizing that yesterday’s post created confusion, the remainder of the new post was posted in Russian. A machine translation of the new post reads:
As you know, we are usually open to dialogue, I focus exclusively on attacks — I am the one who attacked your company, As president of Nova, I demand your appearance to discuss the situation, I did not negotiate with you, but I am aware of your low offer for the task force, I agreed to this price because There were no signs of police intervention, please come and contact us personally. — I’ll see you myself, Don’t send anyone else: negotiations should be conducted by a responsible representative, Don’t worry, we won’t disclose patient data under the laws on ransomware, but sometimes we will have to do this if our requests are rejected, In the future we will face more sophisticated attacks, so we don’t have time to play playing games with your company.
There does not appear to be any updated statement on Clinical Diagnostics’ web notice about the incident.
When Your Clarification Confuses Rather Than Clarifies
Nova’s update created even more confusion, and Nova tried again on August 22:
I want to reassure patients that their data was removed from the first Deal. The loss of credibility is the punishment we directed at the company, from which future victims will learn “Never, ever break anything that was agreed upon with our group during negotiations.” We did not leak any data except for Sample, which was deleted. Don’t worry, don’t do stupid things against the company that wants to treat your diseases, all companies are vulnerable to hacking, there are loopholes everywhere, and the upcoming attacks will explain that , this post will be deleted after 2 days , we ask to all news to not scared any women or man, make sure all news posts fake if they say data is leaked, we also ask from company to explain how we help them to recover and Up they security , not just afraid your patients , we also ask from police to stay in them office and don’t play with fire , and don’t touch anything about us ,if you have quastions contact me , iam available in exploit /profile/207284-blackbeard/ , thanks to read , have good day!