Ransomware strikes Scottish mental health charity

The RansomEXX cyber criminals have claimed responsibility for the hack which led to more than 12GB of sensitive data being leaked to the dark web

The Scottish Association for Mental Health (SAMH) has confirmed that it has fallen victim to a ransomware attack that has affected its IT systems, including email and some phone lines.

SAMH confirmed to IT Pro that the attack had taken place but is still working to fully understand the incident.

"SAMH is currently dealing with an IT incident, which is affecting our colleagues’ ability to receive and respond to emails across both our national and local service locations,” a statement on its website reads. "Some of our national phone lines are also affected.

“Our local services are still reachable by phone and continue to support service users across Scotland.”

Cyber security researcher Soufiane Tahiri spotted a dark web data dump containing more than 12GB worth of data belonging to the charity on Monday. The gang behind the RansomEXX ransomware strain claimed responsibility by adding SAMH to its victim list. 

The data includes sensitive information such as names, addresses, email addresses, and passport scans. Onlookers have described the attack on the charity as “disgusting”.

"We are devastated by this attack," said Billy Watson, chief executive at SAMH to IT Pro. "It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable. 

"Our priority is to continue to do everything we can to deliver our vital services. My thanks to our staff team who, under difficult circumstances, are finding ways to keep our support services running to ensure those they support experience as little disruption as possible.  

"We are working closely with various agencies including Police Scotland - this is an active investigation. We will continue to take the best expert advice to assist us in effectively dealing with this situation."

IT Pro has asked SAMH for further clarity on the number of individuals affected by the breach and how long it expects disruption to last. This story will be updated when new developments are revealed.

The RansomEXX ransomware was first observed in 2018 but came to prominence in 2020 after a number of high-profile attacks on government departments like the Texas Department of Transportation.

Analysing the ransomware in 2021, cyber security company Cybereason said RansomEXX is typically used in “multi-staged human-operated attacks targeting various government-related entities”.

The ransomware is known for disabling security products to more easily infect a target machine. RansomEXX started on Windows but has more recently evolved to operate a Linux variant too, Cybereason said, though the Linux variant is less complex and lacks certain functionality like disabling security products.

RansomEXX is also a file-less ransomware strain, “usually delivered as a secondary in-memory payload without ever touching the disk”.

Other RansomEXX victims include Embraer, one of the largest aircraft manufacturers in the world, Japanese business technology company Konica Minolta, and Brazil’s court system in November 2020.

The cyber criminals behind RansomEXX were also found to be targeting flaws in VMware’s ESXi hypervisor in October 2020.
