BlackCat ransomware stole 120GB of medical data from Advarra using a SIM swap attack

Advarra Data Breach

Advarra, a company offering services for medical research and clinical trials, fell victim to a cybercriminal attack linked to the ALPHV (aka BlackCat) ransomware group. The perpetrators executed a SIM swapping scheme, transferring a senior manager’s phone number to their own SIM card, which granted them access to both the victim’s professional and personal accounts. This incident has sparked discussions on the security of SMS and voice call authentication, which are susceptible to such attacks.

The intruders claimed to have exfiltrated over 120 GB of data, including the personal information of clients, patients, and both current and former employees. They further published the personal details of a minor and a passport scan of an Advarra executive as proof of their intrusion.

Subsequently, a notice appeared on the leak site warning Advarra to establish contact within 24 hours or face the publication of all stolen data. The breach and data theft occurred on October 25th. An attacker claimed that executives were aware of the breach on the day it happened, yet neither paid the ransom nor engaged in negotiations, which added to the gravity of the situation. Despite these threats, the company asserted that the situation was under control and that no systems accessed by clients or partners were compromised.

A representative from Advarra confirmed to The Register that an employee was indeed targeted in the attack, but gave assurances that measures had been taken to prevent further breaches and that an investigation was underway with the assistance of cybersecurity experts and federal law enforcement. They maintained that business operations were unaffected and all systems were functioning normally.