Keralty is a Colombian healthcare provider that operates an international network of 12 hospitals and 371 medical centers in Latin America, Spain, USA and Asia. The company has 24,000 employees who provide medical care to more than 6 million patients.
Keralty said on Tuesday that the company and its two subsidiaries (EPS Sanitas and Colsanitas) were attacked on November 27. The attack caused disruptions in IT systems, errors in schedules for doctors, and websites stopped working.
According to local media reports, because of everything that happens, customers are the first to suffer - people stand in lines for 12 hours and lose consciousness due to the lack of medical care. The company said that all employees are working 24 hours a day to restore any damaged systems as soon as possible and continue to work as usual. In addition, Keralty has already contacted law enforcement and launched an investigation.
The first ransom note was shared by Twitter user xfalexx.
Experts found out that this note belongs to the RansomHouse group, and the ransomware is called Mario. This malware encrypts data on Windows and Linux devices, adds the “.mario” extension to encrypted files, and leaves ransom notes called "How To Restore Your Files.txt".
RansomHouse hackers boast that they were the ones who attacked Keralty on November 27 and stole 3 TB of data. However, there is no exact confirmation of their loud statements yet.