“Victims often do not respond to ransom demands or contacts from their attackers. In this case, MGH reportedly responded, and D#nut Leaks shared some chat logs with DataBreaches.
The chat began on March 5 when someone showed up claiming to be a member of MGH’s executive team. D#nut’s negotiator (“d0nut”) told MGH
"We are here to inform you that we have infiltrated your network and stayed there for 3 days (it was enough to study your documentation and gain access to your files and services). Also we have downloaded personal data related to your patients, employees and management. Since your business provides critical services and its infrastructure necessary for ordinary people health, we decided not to crypt or damage your network. But we still have downloaded sensitive data from there, so we could make a deal. We know that your IT team found us in your network, also we know that they installed Sentinel Antivirus to resist us. After few hours we removed this AV. At this point we made a decision not to damage your network, but to discuss this situation with your administration and negotiate about sensitive data we own from your network."