A Maryland healthcare organization faced a Phobos ransomware attack in the summer of 2022, resulting in a ransom payment of $25,000. The attack not only encrypted critical data but also threatened to publish stolen information, causing significant disruption to the organization's operations and potentially compromising sensitive patient information.
Source: https://therecord.media/decryptor-phobos-8base-ransomware-japan-national-police
TPRM report: https://scoringcyber.rankiteo.com/company/maryland-department-of-health
"id": "mar710072025",
"linkid": "maryland-department-of-health",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Education',
                        'location': 'California',
                        'name': 'California public school system',
                        'type': 'Education'},
                       {'industry': 'Professional Services',
                        'location': 'Maryland',
                        'name': 'Maryland-based company',
                        'type': 'Accounting and consulting'},
                       {'industry': 'Healthcare',
                        'location': 'Pennsylvania',
                        'name': 'Pennsylvania healthcare organization',
                        'type': 'Healthcare'},
                       {'industry': 'Defense and Energy',
                        'location': 'Illinois',
                        'name': 'Illinois-based contractor',
                        'type': 'Contractor'},
                       {'industry': 'Healthcare',
                        'location': 'Maryland',
                        'name': 'Maryland healthcare organizations',
                        'type': 'Healthcare'},
                       {'industry': 'Law Enforcement',
                        'location': 'New York',
                        'name': 'New York-based law enforcement union',
                        'type': 'Law Enforcement'},
                       {'industry': 'Government',
                        'name': 'Federally recognized tribe',
                        'type': 'Government'},
                       {'industry': 'Education',
                        'location': 'Connecticut',
                        'name': 'Connecticut public school system',
                        'type': 'Education'},
                       {'industry': 'Healthcare',
                        'location': 'North Carolina',
                        'name': 'North Carolina children’s hospital',
                        'type': 'Healthcare'}],
 'attack_vector': ['Phobos ransomware', '8Base ransomware'],
 'data_breach': {'data_exfiltration': 'Yes'},
 'date_publicly_disclosed': '2024-02-01',
 'description': 'Victims of Phobos and 8Base ransomware incidents will now '
                'have access to a decryptor thanks to Japan’s National Police '
                'Agency. The tool was shared by the European Cybercrime Centre '
                'and the FBI, which noted that its Baltimore office led an '
                'investigation that culminated in charges against Phobos '
                'affiliates earlier this year.',
 'impact': {'financial_loss': ['$16 million']},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': ['$300,000',
                                    '$12,000',
                                    '$20,000',
                                    '$25,000',
                                    '$37,000',
                                    '$100,000'],
                'ransom_paid': ['$300,000',
                                '$12,000',
                                '$20,000',
                                '$25,000',
                                '$37,000',
                                '$100,000'],
                'ransomware_strain': ['Phobos', '8Base']},
 'references': [{'source': 'Japan’s National Police Agency'},
                {'source': 'European Cybercrime Centre'},
                {'source': 'FBI'}],
 'regulatory_compliance': {'legal_actions': ['Arrests and extraditions']},
 'response': {'law_enforcement_notified': 'Yes',
              'third_party_assistance': ['European Cybercrime Centre', 'FBI']},
 'threat_actor': ['Phobos', '8Base'],
 'title': 'Phobos and 8Base Ransomware Incidents',
 'type': 'Ransomware'}