Inventive Ransomware Group Focused On Healthcare Data
Ransomware groups have increased their attacks on hospitals and health service providers as the coronavirus pandemic persists, because of the sensitive information these organisations hold, including social security numbers, financial and other personal data. A new ransomware gang called Vice Society claims it has obtained confidential patient data following an August ransomware attack on California's United Health Centers that disrupted several locations.
The stolen data includes insurance benefits, financial documents and laboratory test results, and Vice Society has now begun leaking it.
This group has also previously targeted public school districts and other educational institutions, but as a previously unknown cyber crime group, Vice Society's typical operating procedures are difficult to quantify. Based on incident response observations, they are quick to leverage new vulnerabilities for lateral movement and persistence on a victim's network, and they appear to be innovative in bypassing endpoint detection and response.
Recently, Cisco Talos incident response teams have reported Vice Society deploying a Dynamic Link Library (DLL) technique that exploits vulnerabilities in Windows systems. “The use of the vulnerability known as PrintNightmare shows that adversaries are paying close attention and will quickly incorporate new tools that they find useful for various purposes during their attacks... Multiple distinct threat actors are now taking advantage of PrintNightmare, and this adoption will likely continue to increase as long as it is effective,” Cisco Talos researchers wrote. Vice Society is not the only group targeting PrintNightmare: other actors have been exploiting the flaws since early summer, and because the flaws affect all current versions of Windows, the range of potential targets is large.
Organisations should apply the latest update to address the PrintNightmare flaws, and if that’s not immediately possible, disable the print spooler service.
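For hosts that cannot be patched straight away, the interim step above can be scripted. The following PowerShell is an added example, not taken from Talos or any of the cited sources; it assumes an elevated session on the affected Windows host, and the report field names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: stop and disable the Windows Print Spooler service, then
# report the state before and after. Run with -WhatIf to preview only.
# Note: while the spooler is disabled the host can neither print nor act
# as a print server.
[CmdletBinding(SupportsShouldProcess)]
param()

$name = 'Spooler'   # service name of the Windows Print Spooler
$svc  = Get-Service -Name $name -ErrorAction Stop

# Capture the starting state so the change can be reviewed or reverted later.
$statusBefore    = $svc.Status
$startTypeBefore = $svc.StartType

# Stop the running service first; -Force also stops dependent services.
if ($svc.Status -ne 'Stopped' -and
    $PSCmdlet.ShouldProcess($name, 'Stop service')) {
    Stop-Service -Name $name -Force -ErrorAction Stop
}

# Disable the startup type so the service does not return after a reboot.
if ($svc.StartType -ne 'Disabled' -and
    $PSCmdlet.ShouldProcess($name, 'Set startup type to Disabled')) {
    Set-Service -Name $name -StartupType Disabled -ErrorAction Stop
}

# Re-query instead of trusting the cached object, then emit one record per
# host that can be collected centrally (for example via Export-Csv).
$svc = Get-Service -Name $name
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    StatusBefore    = $statusBefore
    StartTypeBefore = $startTypeBefore
    StatusAfter     = $svc.Status
    StartTypeAfter  = $svc.StartType
    Mitigated       = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
}
```

Once the update is installed, the recorded `StartTypeBefore` value shows what to restore with `Set-Service`.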
Some ransomware gangs have promised not to attack hospitals and health care organisations during the coronavirus pandemic, although they continue to be a tempting target. With sensitive patient data, medical records, lab tests and other vital information, health care facilities are often more likely to simply pay the ransom rather than risk exposure.
Sources: Talos, Duo, TechRepublic, ZDNet, FireEye Mandiant, Google, IT World Canada, Bleeping Computer, Ars Technica, EU Consilium