[SINOBI] – Ransomware Victim: South Atlanta Medical Clinic

image

NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the SINOBI Onion Dark Web Tor Blog page.

Ransomware group:
SINOBI
Victim name:
SOUTH ATLANTA MEDICAL CLINIC

AI Generated Summary of the Ransomware Leak Page

The leak post, attributed to the Sinobi group, identifies South Atlanta Medical Clinic as the victim in a healthcare sector target. The post date provided is 2025-10-20 18:43:07.894000, which is the published date of the leak; there is no separate compromise date indicated in the available data. The page presents a victim-focused profile, detailing the facility as a Stockbridge, GA-based outpatient surgical center that specializes in ear, nose, and throat procedures. It highlights a staff of board-certified otolaryngologists and anesthesiologists and notes the use of advanced ENT technologies such as image-guided sinus surgery and balloon sinuplasty, underscoring the clinic’s clinical focus and capabilities. The post is attributed to the Sinobi threat group, and the data indicates a claim URL is present on the leak page, suggesting a pathway for additional information or a ransom-related note, though the actual link is not shown here.

The leak page, as captured by the available data, contains no images or downloadable materials (0 images and no downloads). There is no explicit statement of impact (e.g., encryption or data leakage) within the provided fields, and no ransom amount is disclosed (income_or_ransom remains blank). The presence of a claim URL implies the attackers may offer a public claim or data release channel, but the dataset does not include any visual evidence, documents, or monetary figures. In sum, the entry confirms the victim’s identity and healthcare context and notes the post date, while leaving specifics about the attack, any exfiltrated data, and potential ransom details unspecified in the available information.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features