When the SunCrypt ransomware group opened a leak site where they listed victims who had not paid their ransom demands, they attracted public attention and demonstrated their ability to use the media to their advantage. BleepingComputer reported that SunCrypt operators had reached out to them to introduce themselves as part of the Maze cartel. Days later, BleepingComputer had to update their article with a statement that Maze had denied that SunCrypt was part of their cartel. Was SunCrypt or wasn’t SunCrypt part of the cartel? Although there was some evidence to suggest that they were, Maze’s firm denial left It all in doubt. What wasn’t in doubt, however, was that it was clear that SunCrypt was capable of doing significant harm to victims.
In following up on their previously disclosed victims and leaks, DataBreaches.net noticed that a medical entity who had been listed on SunCrypt’s site no longer appeared on it. Knowing that the threat actors probably would not say why the victim’s name had been removed, DataBreaches.net sent them an inquiry anyway.
Their response was somewhat surprising. Although they wouldn’t comment on the medical entity at all, when asked if they would consider not attacking medical entities going forward, their spokesperson immediately responded, “Already done.” And they wanted us to know that even when they had attacked a medical entity in the past, they had carefully avoided ever locking up life support systems or interfering with any hospital operations.
“We were aiming for the data,” the spokesperson stated, adding,
We don’t play with people’s lives. And no further attacks will be carried against medical organizations even in this soft way.
SunCrypt hopes other ransomware groups will follow their model on that, but notes that their commitment not to attack medical entities does not extend to all pharmaceutical companies. It’s an issue that they are still debating because there are “lots of pros and cons.” Although they will not attack companies involved in COVID-19 research or treatment, companies that are part of the beauty industry and that do animal testing might be targeted, the spokesperson explained, although it’s still under consideration.
So SunCrypt pledges to leave medical entities alone, and DataBreaches.net hopes they stick to their pledge on that. But who will be they be focusing on, then? According to the spokesperson, “Suncrypt is after the cybersecurity companies,” and they say we will all be seeing proof of that very soon.
As to the conflicting claims about their participation in the Maze cartel, the spokesperson would not comment on any previous affairs but stated that at the moment, SunCrypt is not a part of any cartel or ransomware group.