Ransomware Threat: Microsoft Exposes INC Ransomware Attack on US Healthcare Providers
Ransomware Attacks on Healthcare: Microsoft’s Findings
Microsoft has confirmed reports of ransomware attacks against US healthcare providers, highlighting the active involvement of the group known as Vanilla Tempest. The campaign, which uses INC ransomware, has emerged as a significant threat to the healthcare system.
Methodology Behind the Attacks
The threat actors relied on previously compromised access, gaining entry through Gootloader infections that facilitate lateral movement within victim networks. By hijacking systems already infected by another actor, they successfully deployed the INC ransomware payload.
- Ransomware group Vanilla Tempest has been active since June 2021.
- Initial access often via Gootloader, targeting various industries.
- Utilization of legitimate tools like AnyDesk for malicious purposes.
Exfiltration Strategy: Beyond Ransomware
Interestingly, Microsoft’s investigation indicates that Vanilla Tempest may carry out extortion without deploying ransomware, using MEGA data synchronization to exfiltrate data. This change in approach highlights the evolving tactics within the ransomware landscape.
With a history of targeting the education sector as well, Vanilla Tempest represents a persistent threat. The shift to the INC ransomware model might reflect their pursuit of swift financial gains under the guise of extortion.