The notorious NoEscape ransomware group has recently targeted Fiocruz, an institution of vital importance in Brazil. Fiocruz, also known as the Oswaldo Cruz Foundation, is a renowned research institution based in Blumenau, Santa Catarina, that focuses on immunobiology and plays a crucial role in addressing public health challenges.
The Fiocruz data breach was made public through a post on the dark web channel associated with the NoEscape ransomware group. The group claims to have breached Fiocruz’s security defenses and gained access to a massive 500GB of sensitive organizational data.
Initially, Fiocruz’s management, led by Paulo Gadelha and Mauricio Zuma, denied any compromise. However, evidence suggests that the organization’s primary servers have been compromised and encrypted by the NoEscape ransomware group. The data stolen in the breach reportedly includes backups, databases, projects, certificates, legal documents, financial records, sensitive human resources data, and reports related to sexual harassment.
The Cyber Express reached out to Fiocruz for more information about the breach, but no official response or statement has been provided at this time. This lack of response has fueled speculation about the validity of the claims surrounding the Fiocruz data breach.
The NoEscape ransomware group is known for its sophisticated operational methods. Unlike many other cybercriminal factions, the group develops its own C++-based ransomware rather than relying on leaked or purchased code, which distinguishes it in the cyber threat landscape. It has also launched the NoEscape Ransomware-as-a-Service (RaaS) program, which recruits affiliates to expand the reach of its illicit activities.
The NoEscape ransomware uses a hybrid encryption scheme that combines ChaCha20 and RSA: the symmetric ChaCha20 cipher encrypts file contents, while RSA protects the encryption keys, so that files cannot be recovered without the attackers’ private key. The ransomware is also designed to run within Windows Safe Mode, where many security tools are not loaded, allowing it to continue encrypting files after a system reboot.
To locate further targets on a compromised network, the NoEscape ransomware employs asynchronous LAN scanning. This supports lateral movement within the network and makes detection more difficult. The ransomware also supports shared encryption, in which a single key is used to encrypt all files across a network.
To maintain the secrecy of Bitcoin transactions, NoEscape incorporates an undisclosed method, making it difficult to trace financial activities. The ransomware is compatible with various systems, including Windows XP to Windows 11, Linux distributions, and VMware ESXi. Attackers can also customize the encryption process with configurable modes.
Once a breach is successful, the NoEscape ransomware group implements a triple-extortion technique. This involves encrypting the victim’s data, demanding a ransom payment, and threatening to sell or publish the compromised data if the ransom is not paid. This multi-pronged approach increases the pressure on victims to comply with their demands.
It is important to note that the information provided in this report is based on internal and external research obtained through various means. Users should use this information for reference purposes only and bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
In conclusion, the Fiocruz data breach by the NoEscape ransomware group has significant implications due to the compromised servers and the sensitive data that has been stolen. This incident highlights the sophisticated operational methods of the NoEscape group and their unique approach to ransomware attacks. Fiocruz’s management has yet to provide an official response, leaving speculation about the validity of the breach claims. As the investigation continues, it is crucial for organizations to remain vigilant and take proactive measures to enhance their cybersecurity defenses.
