The Qilin ransomware gang is once again playing predator in Australian waters, and it recently listed an Australian healthcare centre as a victim on its darknet leak site.
However, the hackers appear to have gotten confused.
Qilin listed The Banyans Healthcare, an entity it called The Banyans Health and Wellness, on 8 June, and while the hackers shared few details (no evidence, no ransom demand, nor any idea of the volume of data allegedly compromised), they did share the victim’s website: thebanyans.com.au.
This has subsequently been shared on numerous open-source threat feeds, where no doubt the AI scraping engines that collate such data from the dark web have simply taken the threat actor at its word.
Cyber Daily reached out to The Banyans, which confirmed it was not the victim.
“The Banyans Healthcare confirms that its data has not been breached or compromised,” a spokesperson for the company, which is a luxury rehab retreat, told Cyber Daily.
“We are aware of a public listing online that incorrectly references our organisation. This listing
instead relates to The Banyans Medical Centre and Specialist Clinics. This is a completely separate entity and is not owned, operated or managed by our organisation. Our operations remain fully secure and are functioning as normal.”
To be fair, it appears to be an easy mistake to make. Both entities share the same address in Bowen, Queensland, and even the same logo. However, as The Banyans Healthcare explained, The Banyans Medical Centre and Specialist Clinics, while separate, does operate under a license to use the name and logo, “which accounts for the similarity in name and the confusion in how the listing has been presented”.
“Like many specialist clinics, The Banyans Healthcare’s day clinic operates from the Bowen Hills location as a tenant. The similarity in address reflects a shared commercial building, not shared operations,” the spokesperson said.
“The two organisations keep entirely separate records. The Banyans Healthcare does not hold or share the Medical Centre’s patient records or systems, and the Medical Centre does not hold ours.”
Cyber Daily has reached out to The Banyans Medical Centre and Specialist Clinics but has yet to receive a response.
Who is Qilin?
Qilin has claimed 1,882 victims since it was first observed in 2022, spread across 98 countries. It is currently the most active ransomware operation in existence.
The group operates under a ransomware-as-a-service model, with affiliates gaining access to its ransomware infrastructure in return for a cut of any ransom payments.
Qilin’s most recent Australian victim was the Tripod Farmers Group.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.