Ransomware strikes Scottish mental health charity

The RansomEXX cyber criminals have claimed responsibility for the hack which led to more than 12GB of sensitive data being leaked to the dark web

The Scottish Association for Mental Health (SAMH) has confirmed that it has fallen victim to a ransomware attack that has affected its IT systems, including email and some phone lines.

SAMH confirmed to IT Pro that the attack had taken place but is still working to fully understand the incident.

"SAMH is currently dealing with an IT incident, which is affecting our colleagues’ ability to receive and respond to emails across both our national and local service locations," a statement on its website reads. "Some of our national phone lines are also affected.

“Our local services are still reachable by phone and continue to support service users across Scotland.”

Cyber security researcher Soufiane Tahiri spotted a dark web data dump containing more than 12GB worth of data belonging to the charity on Monday. The gang behind the RansomEXX ransomware strain claimed responsibility by adding SAMH to its victim list. 

The data includes sensitive information such as names, addresses, email addresses, and passport scans. Onlookers have described the attack on the charity as “disgusting”.

"We are devastated by this attack," Billy Watson, chief executive at SAMH, told IT Pro. "It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable.

"Our priority is to continue to do everything we can to deliver our vital services. My thanks to our staff team who, under difficult circumstances, are finding ways to keep our support services running to ensure those they support experience as little disruption as possible.  

"We are working closely with various agencies including Police Scotland - this is an active investigation. We will continue to take the best expert advice to assist us in effectively dealing with this situation."

IT Pro has asked SAMH for further clarity on the number of individuals affected by the breach and how long it expects disruption to last. This story will be updated when new developments are revealed.

The RansomEXX ransomware was first observed in 2018 but came to prominence in 2020 after a number of high-profile attacks on government departments like the Texas Department of Transportation.

Analysing the ransomware in 2021, cyber security company Cybereason said RansomEXX is typically used in “multi-staged human-operated attacks targeting various government-related entities”.

The ransomware is known for disabling security products to more easily infect a target machine. RansomEXX started on Windows but has more recently evolved to operate a Linux variant too, Cybereason said, though the Linux variant is less complex and lacks certain functionality like disabling security products.

RansomEXX is also a file-less ransomware strain, “usually delivered as a secondary in-memory payload without ever touching the disk”.

Other RansomEXX victims include Embraer, one of the largest aircraft manufacturers in the world, Japanese business technology company Konica Minolta, and Brazil’s court system in November 2020.

The cyber criminals behind RansomEXX were also found to be targeting flaws in VMware’s ESXi hypervisor in October 2020.
