Hacking incidents directed at medical facilities for cyber terror and blackmailing purposes have increased recently, the most notable being the WannaCry attacks that hit British hospitals this May. Less familiar but also concerning are the attacks that hit the clinic of Grozio Chirurgija, a Lithuanian plastic surgeon whose clients included a number of celebrities from Lithuania, Denmark, and other European countries.
The hack seized private client information, including a number of nude photos depicting clients before and after undergoing plastic surgery, which the hackers then held for ransom. In addition to the photos, the hackers also downloaded social security numbers and address information, as well as photocopied passports.
Hackers demanded that the clinic pay them 300 bitcoin, an amount equivalent to $777,591. The clinic refused to pay, stating that they refused to cooperate with blackmailers and extortionists. The clinic reported the hack to authorities, hired cybersecurity experts to look into the attacks, and warned clients not to open any suspicious emails or respond to any of the blackmailers’ attempts to make contact. .
The hackers eventually reduced the price to 50 bitcoin–considerably less than they’d been asking for previously, but still a whopping $129,755. The hackers sent a statement with the reduced price change, warning, “We have lowered full package price…It’s only up to you to decide how much longer you will keep this going…Will you have enough ego to stop this or will you continue lying to your clients?” But the clinic refused to pay the reduced ransom as well, and the stand-off continued.
Individual victims whose photos were retrieved during the attack were similarly told that they could pay ransoms amounting to about $2000 –and sometimes as much as $2,800– or else see the photos posted onto the dark web. The hackers also told the frustrated and concerned victims that their ongoing problems were due to the “irresponsible” way that the Grozio Chirurgija clinic handled the situation –that is, not paying the ransom.
According to Andzejus Raginskis, the deputy chief of Lithuania’s criminal police bureau, that ultimatum has now come to pass, and the photos are available on the dark web.