Ransomware fiends boast they’ve stolen 1.4TB from US pharmacy network

November 13, 2024 at 02:18PM

American Associated Pharmacies (AAP) faces a potential ransomware attack by the Embargo group, which claims to have stolen 1.469 TB of data and is demanding $1.3 million. AAP hasn’t confirmed the breach but reset all user passwords without explanation. The deadline to pay and avoid data leaks is November 20.

### Meeting Notes Takeaways

1. **Data Breach Incident**: American Associated Pharmacies (AAP) is reportedly the victim of a cyberattack attributed to the Embargo ransomware group, which allegedly stole and encrypted 1.469 TB of AAP’s data.

2. **Ransom Demand**: Embargo claims AAP has already paid $1.3 million to decrypt its systems and is demanding an additional $1.3 million to prevent the public release of stolen documents.

3. **User Password Reset**: AAP’s website has issued a notice stating that all user passwords for its platforms (APIRx.com and RxAAP.com) have been force-reset, although the reason for this action has not been disclosed.

4. **Inventory Issues**: The notice mentioned that API Warehouse, a subsidiary of AAP, faced some unspecified inventory issues, which have since been resolved.

5. **Ransomware Group Profile**: Embargo, a newly identified ransomware group that emerged in June 2023, is noted for its aggressive tactics, including threatening to expose personal information of individuals within the victim organization if payment is not made.

6. **Lack of Official Statement**: AAP has not confirmed the attack nor has it responded to media inquiries. The organization’s social media has also remained unresponsive to queries about the situation.

7. **History of AAP**: AAP was formed in 2009 from the merger of two pharmacy groups and currently oversees over 2,000 independent pharmacies across the United States.

8. **Potential Threats**: The deadline for AAP to pay the remaining ransom is set for November 20, with the threat of data leakage if the demand is not met.

9. **Market Comparison**: The ransom demands made by Embargo are noted to exceed the FBI-reported average ransomware payment, which is approximately $1.5 million.

10. **Implications**: This incident highlights the growing threat posed by newer ransomware groups and the importance of robust cybersecurity measures in healthcare organizations.
