Ransomware Poses a Serious Threat to US Healthcare Providers
Ransomware Attacks in Healthcare
Ransomware attacks have surged within the US healthcare sector, with Microsoft cautioning that the Vanilla Tempest group is capitalizing on vulnerabilities through the INC ransomware service.
Tactics of the Threat Actor
The Vanilla Tempest group exploits initial access gained through a Gootloader infection to infiltrate healthcare systems. This allows lateral movement within networks, ultimately leading to the deployment of INC ransomware. Microsoft reported: “Vanilla Tempest receives hand-offs from Gootloader infections... before deploying tools like the Supper backdoor.”
Extent of Impact and Disguised Ransom Demands
Microsoft did not name the specific healthcare organizations involved in these attacks, and it remains uncertain whether ransoms have been requested. Notably, the threat actor may have opted for extortion without deploying ransomware, using data exfiltration to pressure victims.
Defining Malicious Patterns
Vanilla Tempest, also referred to as DEV-0832, is recognized for its frequent attacks on the education and healthcare sectors. Its history dates back to June 2021, and its arsenal has included a variety of ransomware families.
As Microsoft notes, this transition to INC ransomware signifies a potential shift in strategy, pursuing double and triple extortion tactics for faster profits. The parallels observed between this group and others such as Vice Society may suggest a deeper connection in malicious operations.