STATISTICS South Africa, a South African government agency responsible for official statistics, was named as a victim of a ransomware attack by the emerging cybercrime group XP95, according to My Broadband. XP95 claims to have acquired 453,362 files from Statistics South Africa, totalling 154 GB of data, and has demanded a ransom of $100,000 USD to prevent public release. The group has previously attacked Gauteng Province, whose data they claim to have listed for sale on their leak site and on a hacking forum.
In a separate healthcare target, Eholo Health, a Spanish provider of software for clinical management of psychologists’ practices, XP95 says it obtained 165 GB of data including 1,146,700 medical notes and personal information of 601,308 users; the group asserts the data was leaked after a failed ransom of $300,000. XP95 quotes the company as valuing the data at only $80,000, and states it is releasing everything for free to set an example, while Eholo has disputed claims about data security and GDPR compliance.