At the end of March 2022, the Scottish Association for Mental Health (SAMH) reported on its website problems with its email servers, as well as the ability to use certain phone lines. A few days later, 12GB of data stolen from the Society was posted on the website of RansomExx, a cybercrime group. The data included copies of identity cards and passports, as well as credit card details. According to SAMH, they are working with all services to minimise losses and find the perpetrators.
RansomExx is a group of cybercriminals who use ransomware techniques on large corporations as well as government organisations. They gained popularity after attacking the Texas State Department of Transportation in 2020 and Gigabyte servers in 2021, threatening to expose 112GB of stolen data.
Ransomware is one type of malware that blocks access to a computer system and prevents the data on it from being read. The data is encrypted and can only be unlocked using a key held by the cybercriminal. The encryption is only released after a ransom is paid. Unfortunately, it is usually impossible to recover the data without paying the money. The ransomware used does not provide any other way to unlock the data, but only by providing the right cipher. It should be emphasised that paying the ransom does not guarantee that the cybercriminal will provide the key to regain access to the encrypted information.