THE Payload Ransomware group claims to have breached the Royal Bahrain Hospital (RBH), a 70‑bed healthcare facility founded in 2011 that serves Bahrain and neighbours such as Oman, Qatar, Saudi Arabia and the UAE. The group says it stole 110 GB of data and added RBH to its Tor data leak site, publishing images of allegedly hacked systems as proof. It also threatens to release the stolen data if the ransom is not paid by 23 March.
Payload Ransomware is described as a relatively new operation using a double‑extortion model, combining data theft with file encryption, and operating largely as a ransomware‑as‑a‑service with a Tor leak site. The article notes that the ransomware uses ChaCha20 for encryption and Curve25519 for key exchange, and that it deletes shadow copies and disables security tools. Royal Bahrain Hospital was referenced in a tweet by Dominic Alvieri that included a visual proof, as cited in the article.