Pin It
Ji Yeo
photography Ji Yeo

Hackers publish before/after photos from cosmetic surgeries

The hacking group demanded ransoms in bitcoin before releasing 25,000 private pictures – many nude – of clinic patients

A hacking group, calling themselves ‘Tsar Team’, has stolen and published over 25,000 photos and pieces of personal data from a cosmetic surgery clinic in Lithuania, affecting thousands of patients.

Hackers found a way into the Grozio Chirugija clinic at the beginning of 2017, demanding ransoms in bitcoin. The payments ranged from €50 to €2,000 all depending on how personal or sensitive the data stolen was. According to local authorities, some of the images and stolen information were released in March after the payment demands. More were released yesterday (May 30). 

Associated Press reports that the leak has affected private patients from over 60 countries, with around 1,500 British clients. Nude photos, national insurance numbers and passport scans were among the pieces of data stolen.

The deputy chief of Lithuania’s criminal police bureau Andzejus Raginskis told the press: “It’s extortion. We’re talking about a serious crime.”

Prior to offering individual ransom packages, the hackers demanded the entire database be sold back for 300 bitcoin (about half a million pounds). The Grozio Chirugija clinic refused this. It was then reduced in price to 50 bitcoin, which is around £100,000.

The hacking group Tsar Team is well known among security researchers by other names, such as APT28 and ‘Fancy Bear’. Authorities have warned that anyone who downloads or stores the data could also be prosecuted, as NY Daily News reports. Police continue to work with security services across Europe to deal with the hack.

“Clients, of course, are in shock. Once again, I would like to apologise,” Jonas Staikunas, the director of Grozio Chirurgija, told local press. “Cybercriminals are blackmailers. They are blackmailing our clients with inappropriate text messages.”

According to the Guardian, cybersecurity throughout Lithuanian is in peril. 15min, a Lithuanian business publication, reported that half the country’s sites are easily hacked. A national status report depicted how clinics, travel agencies and private doctors’ practices were particularly vulnerable to attack.

The WannaCry ransomware attack recently took place in the UK, which saw several NHS trusts zoned in on by hackers in May. It was a ‘scattershot campaign’ that saw some targeted with phishing scam emails. Codes to unlock the IT systems were sold for $300. What has happened in Lithuania has seen a much more aggressive, targeted approach.