Ransomware victim disclosure
← All victimsRiverSoft
Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedJul 22, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Jul 22, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileRiverSoft is a software-as-a-service provider specializing in electronic medical records (EMR), billing, and compliance management for home healthcare agencies. The company offers customizable solutions supporting multiple payers, including Medicare and hospice services, with emphasis on claims accuracy and regulatory compliance.
- Industry
- Home Healthcare Software
Attack summary
Severity: medium — The victim is a healthcare software provider whose systems likely contain patient PII and medical records from downstream home care agencies. However, no proof files are advertised in this post, and the disclosure appears to be part of a bulk listing that may indicate lower confidence in the claims. Encryption without published proof and ambiguous exfiltration status warrants medium rather than high severity.Ransomhouse claims to have encrypted RiverSoft's systems. The group's leak post lists RiverSoft alongside multiple other victims (Trellix, Karl Chevrolet, Star Energy, Zenergy, Winnitex, Transaction Packing, IREC, Bioptik, Accelerated Services, Neinver, Associated Endocrinologists, and Warren County Sheriff's Office) in a consolidated disclosure, suggesting a possible supply-chain or mass-exploitation campaign. Data exfiltration status is not explicitly stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Electronic medical records
- Patient billing information
- Payer configuration data
- Clinical pathway documentation
- Customer agency records
What the group claims
RiverSoft is the product of a design process that spans more than 20 years. It is designed to work for large agencies with thousands of patients, in multiple locations, with varied and ever-changing payer requirements (Medicare, Medicare Advantage, Medicaid, commercial insurances, HMO’s, and self-pays). The software has been optimized to work for large populations of employees and patients. All information relevant to the job at hand is shown together, all at once, to save the user’s time. RiverSoft offers something that no other home care software company offers: Industrial strength software that is customized through configuration and software changes to meet the UNIQUE demands of LARGER home care agencies.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

