Memorial Sloan Kettering Cancer Center claimed by rookie ransom group

The prestigious Memorial Sloan Kettering Cancer Center (MSKCC) in New York City has been claimed by the Meow ransomware gang – a fairly new criminal outfit whose dark leak site only dates back to September.

The Manhattan-based cancer treatment and research institution was listed on the 'Meow Leaks' dark site on Tuesday, December 12th.

MSKCC, one of the oldest and largest private cancer centers in the world, serves more than 800,000 patients per year and has more than 21,000 employees, including 17,000 physicians, scientists, and nurses.

The "Memorial Sloan Kettering Cancer Center" victim entry provides little information, stamped only with a “Preview” banner, the MSKCC logo, and the word “soon.”

Meow claims Memorial Sloan Kettering Cancer Center
Meow leak site. Image by Cybernews.

Last year's revenue for the medical center was listed at $6.6 billion, according to Becker's Hospital Review. In 2021, the center took in more than $600 million in donations from more than 420,000 individuals, families, foundations, and companies.

If Meow’s claims prove true, MSKCC's stolen data could provide hackers with an enormously lucrative trove of sensitive personal information, including the health and financial records belonging to hundreds of thousands of patients and donors alike.

Who is Meow?

Meow ransomware was first observed by researchers in August 2022, and until recently, the group appeared to have dropped off the radar in February 2023.

It is said to have derived from the NB65 ransomware, which is an altered version of the Russian-affiliated Conti v2 variant, according to a Meow profile by the cybersecurity technology firm WatchGuard.

The Conti v2 variant was apparently leaked by a Ukrainian hacker as payback for the group’s public support for Russia after the Spring 2022 invasion of Ukraine.

Also known as MeowCorp or MeowCorp2022, the threat actors often refer to themselves as an Anti-Russian Extortion Group.

The ransomware itself is known to use the file extension ".MEOW," while its ransom notes – which contain four email addresses and two Telegram handles for victims to contact the gang – are titled “readme.txt.”

"MEOW! MEOW! MEOW! Your files has been encrypted! Need decrypt? Write to e-mail:...," the note states, followed by the gang's contact information.

Meow ransom note
Meow leak site. Image by WatchGuard.

Meow ransomware also shares similar characteristics to the Conti v2 ransomware in that it uses a combination of ChaCha20 and RSA-4096 to encrypt its victim files, WatchGuard said. Other ransomware strains created from the leaked Conti variant include Putin Team, ScareCrow, and BlueSky.

Currently, the group lists only 10 other victims on its dark leak site: two posts dating from September, seven posts in November, and one other post at the beginning of December.

Some posts also appear to be from older attacks; for example, the Vanderbilt University Medical Center was listed as a victim on November 18th, but its entry states the hack was from February 11th, 2023.

Cybernews has reached out to Sloan Kettering and will update the story as new information comes in.

MSKCC has been recognized as one of the top two cancer hospitals in the US for more than 30 years, the center’s website says.
