Payload Ransomware claims to have hacked Royal Bahrain Hospital and stolen 110 GB of data, publishing images of allegedly compromised systems on its Tor leak site as proof. The group is threatening to release the stolen data if a ransom is not paid by March 23, and Payload employs a double-extortion model using ChaCha20 encryption and Curve25519 key exchange while deleting shadow copies and disabling security tools. #PayloadRansomware #RoyalBahrainHospital
Keypoints
- Payload Ransomware claims to have stolen 110 GB of data from Royal Bahrain Hospital.
- The gang posted images of allegedly hacked systems on its Tor leak site as proof.
- Attackers threaten to publish the stolen data unless a ransom is paid by March 23.
- Royal Bahrain Hospital is a 70-bed facility serving patients from Bahrain and neighboring Gulf countries.
- Payload uses a double-extortion approach with ChaCha20 encryption, Curve25519 key exchange, shadow copy deletion, and likely operates as RaaS.