Pharmacy managers will pay for the mistakes of the information security department.
The American Associated Pharmacies Association (AAP), which unites more than 2000 independent pharmacies in the United States, has become a victim of the Embargo group. The hackers announced that they had breached the company's systems and stolen its data. According to the attackers, 1469 TB of information was stolen and the data was then encrypted, followed by a ransom demand.
At this point, the AAP has not confirmed the incident or commented to the media on the claimed cyberattack. However, a notice about a forced reset of all user passwords has appeared on the company's official website. The announcement notes that "passwords associated with APIRx.com and RxAAP.com have been reset, so the former credentials are no longer suitable for login." Users are invited to use the password recovery function.
AAP also mentioned temporary disruptions at its subsidiary API Warehouse, which handles wholesale purchasing of prescription drugs. However, the company said that the problems have already been resolved.
The hackers claim that the company has already paid $1.3 million for decryption, and that the same amount again is required to keep the stolen data from being made public. The company has until November 20 to comply with the demand. This scheme is called double extortion: first the attackers block access to the data, then they threaten to leak it.
A distinguishing feature of Embargo is that the group publishes the personal data of company executives who obstruct ransom payments or delay the negotiation process. In some cases, the hackers also reveal the contact details of cybersecurity specialists who helped the affected companies.
Embargo is relatively new to the cybercrime scene; its activity was first recorded in the summer. Despite its short existence, the group has already attracted the attention of more experienced criminal groups such as Storm-0501. Embargo is known to use tools that disable defenses before deploying its core Rust-based malware.
At the moment, apart from a brief notice on the website, the AAP has not made any official statements about the incident. Users trying to get clarification through the company's social networks have also not yet received a response.