Lithuania: Cybercriminals Blackmail Plastic Surgery Clinic with Stolen Photos

Published: 28 April 2017

aid-1822458 960 720

Plastic surgery (Photo: Sasin Tipchai)

By Šarūnas Černiauskas

Cybercriminals who stole personal records and photos of patients from the data system of a Lithuanian plastic surgery clinic - including those of national and foreign celebrities - have put them up for sale.

The perpetrators put the Grožio Chirurgija data online, at a Dark Web website and are selling them for between €50 and €2,000 each or for €344,000 the whole package.

Last week, OCCRP‘s Lithuanian partner 15min received an e-mail from the criminals who claimed to have obtained the records on 25,000 patients of the clinic. The email contained nude photos of some of the clients.

Reporters at 15min managed to verify some of the celebrity clients‘ data exposed in the Dark Web website – the phone numbers, dates of birth and other details published by the criminals matched the victim’s real data.

Also, one of the clients who‘s medical records on breast surgery were made public, confirmed that she had surgery on the date indicated in the leak.

Initially, the clinic claimed that the criminals were lying about how successful their attack was.

"Yes, our data was stolen: addresses, names and surnames. But this is not connected to pictures, the pictures were made up by these so-called hackers", Vygintas Kaikaris, one of the clinic’s leading surgeons, told 15min.

After this statement, the attackers came back at the clinic, releasing a bundle of data about particular clients. Some of the clients contacted by 15min admitted the photos were authentic and taken at Grožio Chirurgija.

While authorities are investigating the attack, the cybercriminals are openly demanding ransom, offering to delete the data in return for 300 bitcoins, which is roughly €344,000.

At the same time, they are blackmailing some of the celebrity clients. At least two of them admitted receiving untraceable text messages with links to the data.

The perpetrators announced they first tried to blackmail the hospital and called the ransome ‘small penalty fee’ for using vulnerable IT systems.

"Since they have refused to do so, (looks like they have very very very large EGO!) now we are putting this site together and anyone can buy the data," the perpetrators wrote.

"We are also significantly increasing the price of the entire package. Just so it fits their huge egos better! :) Now anyone can buy entries one by one or all of them together", the announcement said.