Article Details
Scrape Timestamp (UTC): 2025-04-24 15:07:09.818
Original Article Text
Click to Toggle View
Interlock ransomware claims DaVita attack, leaks stolen data. The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization. DaVita is a Fortune 500 kidney care provider with more than 2,600 U.S. dialysis centers, 76,000 employees in 12 countries, and an annual revenue exceeding $12.8 billion. The healthcare company disclosed to the U.S. Securities and Exchange Commission (SEC) that on April 12 it suffered a ransomware attack that affected some operations. DaVita stated at the time that it was investigating the impact of the incident. Earlier today, the Interlock ransomware gang claimed the attack on DaVita by adding it to the list of victims published on its data leak site (DLS) on the dark web. According to the gang's claim, they have around 1.5 terabytes of data from the healthcare company, or nearly 700,000 files of what appear to be sensitive patient records, information on user accounts, insurance, and even financial details. The threat actor has published the files on their DLS, indicating that negotiations for getting paid by DaVita have failed. BleepingComputer did not review the contents of the files and could not validate their authenticity. We have contacted the healthcare company once again for a comment on Interlock's claims but a statement wasn’t immediately available. If you have received care at a DaVita center and shared sensitive data with the organization, it is recommended to be vigilant for potential phishing attempts and report suspicious communications to the authorities. Interlock is one of the newer gangs on the ransomware scene. It launched last September targeting Windows and FreeBSD systems. Though it does not work with external affiliates, it is a relatively active and evolving threat that has taken responsibility for a dozen attacks. For many of the listed incidents, the threat actor claims to have stolen terabytes of data from the victim networks. A report from cybersecurity company Sekoia last week presented a shift in Interlock’s tactics, who is now employing ‘ClickFix’ tactics to trick targets into infecting themselves with info-stealers and RATs, eventually leading to the deployment of the encryptor payload.
Daily Brief Summary
The Interlock ransomware gang attacked DaVita, a major kidney care provider, impacting some of its operations.
DaVita reported the ransomware incident to the U.S. Securities and Exchange Commission on April 12, noting the investigation was ongoing.
Interlock has since claimed responsibility for the attack and added DaVita to its list of victims on the dark web's data leak site.
The gang allegedly stole 1.5 terabytes of data from DaVita, including sensitive patient records, user accounts, insurance details, and financial information.
Following unsuccessful negotiations, Interlock published nearly 700,000 files on their dark web site, indicating a breakdown in ransom negotiations.
DaVita has been approached for comment regarding the data leak claim, but no immediate response was provided.
The incident highlights the importance of cybersecurity vigilance, as affected patients are advised to watch for possible phishing scams related to their leaked data.
Recent reports suggest that Interlock has shifted tactics, increasingly using methods like ‘ClickFix’ to deploy their ransomware.