Is “Bl00dy Ransomware Gang” a new ransomware group on the scene, a rebrand, or neither?

In July, a new channel appeared on Telegram called the “Bl00dy Ransomware Gang.” In August, info about alleged victims started to appear. So far, the group has leaked some data allegedly from three victims in two incidents. In each case, there is some confirmation that the victims may have been attacked, but there is no confirmation from the named victims that this group attacked them.

Here’s what we know so far:

One of the claimed victims is a medical practice in New York called Primary Care of Long Island (PCOLI). PCOLI was added to the Telegram channel on August 7. A second website, oncallpractice.com, was also listed as part of the same incident. Both businesses are listed at 820 Suffolk Avenue, Brentwood, in a building that houses several medical and dental practices. While the oncallpractice.com website is currently “down for maintenance,” the firm appears to be a business associate or vendor offering billing, appointment booking, and technology services. Their Facebook page has not been updated since July 17.

PCOLI’s homepage has a prominently displayed breach notification. According to an undated notification letter, PCOLI believes the breach occurred on or about May 23, 2022. They also state:

“On June 8th we were informed that the intruder may have transferred files from our systems which may include your name, phone number, address, Social Security number, and date of birth.”

Their notification does not mention any encryption of files, disruption to services, or ransom demand.

From the small amount of proof offered by the threat actors, the types of information acquired included more than what the notification letter describes, but it is not clear whose system the files may have been exfiltrated from.
DataBreaches saw images of a health insurance card for an individual patient with images of their driver’s license, documentation concerning their eligibility for health insurance coverage, and a visit notation describing a dental appointment. But all of those appear to relate to a third entity, Brighter Dental Center. Brighter Dental Center is also located at the same address in Brentwood, New York, but Brighter Dental Center was not listed as a victim or target of the ransomware gang. If the dental service uses OnCallPractice (and DataBreaches does not know if it does), it is unclear whether the records were exfiltrated from the dental practice or possibly from OnCallPractice.

One of the screenshots provided by “Bl00dy Ransomware Gang” reveals what appear to be patient names and other information, but it is not clear what the source of the data is.

Redacted by DataBreaches.net. The redaction at the top of the image covers the patient’s name and date of birth.

DataBreaches reached out to PCOLI and OnCallPractice with inquiries. It is unknown to DataBreaches whether there is any business associate agreement or relationship between the two entities. Nor does DataBreaches know if there is any connection between either or both of these entities and Brighter Dental Center, who DataBreaches also contacted. None of the three entities replied to inquiries. Nor did an unrelated business the group claimed as a victim in another incident reply.

Who Are the “Bl00dy Ransomware Gang?”

DataBreaches had never heard of this group before and, so far, has been unable to find any reports on them or analyses. The only reference found to ransomware by that name so far was an MD5 hash.

So how does the group describe themselves? In a post in their channel, they claimed they encrypted all of a victim’s files with a *.bl00dy extension and then took the servers offline.
More than three weeks later, one of the four subdomains was 404, but the other three appear to have been restored.

In a post on their channel, the group seeks to recruit pentesters and others, offering an 80/20 split. They also offer custom builds for Linux, Windows, NAS, or ESXi for $800, with the purchaser keeping all profits for themselves.

But who are they, and if they are legitimately a ransomware group and not some scam, what family of ransomware is this — or is it something unique that they have coded themselves?

DataBreaches does not know, so in addition to reaching out to their alleged victims, DataBreaches also reached out to the Bl00dy Ransomware Gang’s contact person to ask them questions. No reply has been received as yet, but the contact’s Telegram account has not been accessed since August 26.

This post will be updated if replies are received or if more information becomes available. DataBreaches considers the group’s claims unconfirmed at this point because none of the victims have confirmed any ransomware attack or any attack by a group with that name.