After the operators behind the SunCrypt ransomware published nearly 50,000 files stolen from University Hospitals New Jersey (UHNJ), the hospital reached out to the group to negotiate a payment and stop further data from being leaked. Only two servers had been encrypted, so the main concern for UHNJ was to prevent patient information from being released. SunCrypt operators claimed to have IDs, birthdays, SSNs and information on illnesses for patients. The initial ransom demand to UHNJ was $1.7 million but was eventually brought down to $672,744 which was paid in mid-September. Afterwards, the SunCrypt operators agreed not to disclose any further data or attack UHNJ again.
Several ransomware groups have already told Bleepingcomputer that they would not attack healthcare organizations, including CLOP, DoppelPaymer, Maze, and Nefilim. Although the Netwalker group claimed they would not purposefully target them, they stated that anyone infected would have to pay their ransom. When contacted by Dissent Doe of Databreaches.net, the SunCrypt operators responded that they would no longer target healthcare organizations. “We don’t play with people’s lives. And no further attacks will be carried against medical organizations even in this soft way.”