Inventive Ransomware Group Focused On Healthcare Data

Uploaded on 2021-10-07 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Ransomware groups have increased their attacks on hospitals and health service providers as Coronavirus pandemic persists and this is because of the sensitive information they carry, including information like social security numbers, financial and other personal data. A new ransomware gang called Vice Society claims it  has obtained confidential patient data following an attack in August on California's United Health Centers, which suffered a ransomware attack that disrupted several  locations.

The stolen data  includes insurance benefits, financial documents and laboratory test results and Vice Society has now begun leaking the stolen data 

This group also has previously targeted public school districts and other educational institutions bus a previously unknown cyber crime group  Vice Society's typical operating procedure are difficult to quantify.  Based on incident response observations, they are quick to leverage new vulnerabilities for lateral movement and persistence on a victim's network and they appear to be innovative in dealing with  endpoint detection response bypasses. 

Recently, Cisco Talos incident response teams have have report Vice Society deploying a Dynamic Links Library (DLL) technique that exploits  vulnerabilities in Windows systems. “The use of the vulnerability known as PrintNightmare shows that adversaries are paying close attention and will quickly incorporate new tools that they find useful for various purposes during their attacks... Multiple distinct threat actors are now taking advantage of PrintNightmare, and this adoption will likely continue to increase as long as it is effective,” Cisco Talos researchers wrote. Vice Society are not the only targeting PrintNightmare and other actors have been exploiting the flaws since early summer and because the flaws affect all current versions of Windows, the range of potential targets is large. 

Organisations should apply the latest update to address the PrintNightmare flaws, and if that’s not immediately possible, disable the print spooler service.

Some ransomware gangs have promised not to attack hospitals and health care organisations during the coronavirus pandemic, although they continue to be a tempting target. With sensitive patient data, medical records, lab tests and other vital information, health care facilities are often more likely to simply pay the ransom rather than risk exposure. 


Talos:       Duo:     TechRepublic:      ZDNet:      FireEye Mandiant:    Google:     IT World Canada:

 Bleeping Computer:    Ars Technica:       EU Consilium:    

You Might Also Read:

New Ransomware Variant Discovered:

« Facebook Weakens Democracy & Harms Children
Ransomware Is The Number One Threat »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Phoenix TS

Phoenix TS

Phoenix TS offers world-class management, computer, and IT security certification training courses.

CyberPolicy

CyberPolicy

CyberPolicy is a cyber protection solution for small businesses. It combines three important components against cyber threats - Cyber Plan, Cybersecurity and Cyber Insurance.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

Tigerscheme

Tigerscheme

Tigerscheme is a certification scheme for information security specialists, backed by University standards and covering a wide range of expertise.

CommuniTake

CommuniTake

CommuniTake builds security, enablement, and management solutions to provide people and organizations with better, and more secure mobile device use.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Bottomline Technologies

Bottomline Technologies

Bottomline Technologies is an innovator in business payment automation technology, helping companies make complex business payments simple, smart and secure.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

Utility Cyber Security Forum

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

C11 Cyber Security & Digital Innovation Centre

C11 Cyber Security & Digital Innovation Centre

C11 is working with local and national partners to develop talent and bring brilliant minds and brilliant businesses together.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

Analog Devices Inc (ADI)

Analog Devices Inc (ADI)

Analog Devices is uniquely positioned to deliver security at the edge, where the data is born, because our sensor solutions convert the physical, analog world into the digital world.

Digital Security Authority (DSA)

Digital Security Authority (DSA)

The establishment of the Digital Security Authority, which incorporates the National CSIRT, is crucial to significantly raising the cybersecurity posture and capabilities of Cyprus.

iConnect IT Business Solutions DMCC

iConnect IT Business Solutions DMCC

iConnect is a trusted IT Solutions and Technology Services company, proudly serving clients across the Middle East and Africa.