Inventive Ransomware Group Focused On Healthcare Data

Ransomware groups have increased their attacks on hospitals and health service providers as Coronavirus pandemic persists and this is because of the sensitive information they carry, including information like social security numbers, financial and other personal data. A new ransomware gang called Vice Society claims it  has obtained confidential patient data following an attack in August on California's United Health Centers, which suffered a ransomware attack that disrupted several  locations.

The stolen data  includes insurance benefits, financial documents and laboratory test results and Vice Society has now begun leaking the stolen data 

This group also has previously targeted public school districts and other educational institutions bus a previously unknown cyber crime group  Vice Society's typical operating procedure are difficult to quantify.  Based on incident response observations, they are quick to leverage new vulnerabilities for lateral movement and persistence on a victim's network and they appear to be innovative in dealing with  endpoint detection response bypasses. 

Recently, Cisco Talos incident response teams have have report Vice Society deploying a Dynamic Links Library (DLL) technique that exploits  vulnerabilities in Windows systems. “The use of the vulnerability known as PrintNightmare shows that adversaries are paying close attention and will quickly incorporate new tools that they find useful for various purposes during their attacks... Multiple distinct threat actors are now taking advantage of PrintNightmare, and this adoption will likely continue to increase as long as it is effective,” Cisco Talos researchers wrote. Vice Society are not the only targeting PrintNightmare and other actors have been exploiting the flaws since early summer and because the flaws affect all current versions of Windows, the range of potential targets is large. 

Organisations should apply the latest update to address the PrintNightmare flaws, and if that’s not immediately possible, disable the print spooler service.

Some ransomware gangs have promised not to attack hospitals and health care organisations during the coronavirus pandemic, although they continue to be a tempting target. With sensitive patient data, medical records, lab tests and other vital information, health care facilities are often more likely to simply pay the ransom rather than risk exposure. 


Talos:       Duo:     TechRepublic:      ZDNet:      FireEye Mandiant:    Google:     IT World Canada:

 Bleeping Computer:    Ars Technica:       EU Consilium:    

You Might Also Read:

New Ransomware Variant Discovered:

« Facebook Weakens Democracy & Harms Children
Ransomware Is The Number One Threat »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

Discover how you can implement endpoint detection and response (EDR) tools into your security strategy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Celestix Networks

Celestix Networks

Celestix is a global provider of secure network solutions that enable the simple deployment of secure remote access connectivity.

Hiscox

Hiscox

Hiscox offers cyber and data risks insurance to protect your business against the risks of holding data and using computer systems..

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Gigacycle

Gigacycle

Gigacycle is one of the leading IT disposal and recycling providers in the UK. We specialise in IT asset disposal (ITAD) and data destruction.

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic's main goal is toward establishing an international reference centre for excellence in the field of digital forensics and data recovery services.

Bitfury Group

Bitfury Group

Bitfury Group is the largest full-service blockchain technology company in the world.

Kasada

Kasada

Kasada provides bot detection and mitigation for enterprise web applications. Stop the bots before they reach your site and web applications.

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

MalwareFox

MalwareFox

MalwareFox is an advanced, yet simple-to-use anti-malware solution for Windows computers. We provide aggressive detection capabilities and an effective malware removal tool to keep your systems safe.

DoQubiz Technology

DoQubiz Technology

DoQubiz is using the idea of security through obscurity to develop their proprietary Fractal Security Engine that implements a highly resilient data protection protocol.

Trusted Technologies and Solutions (TTS)

Trusted Technologies and Solutions (TTS)

TTS is a security consulting company specialised on business continuity and crisis management, information security management, information risk management and identity and access management.

Sunday Cyber

Sunday Cyber

Sunday is a personal cybersecurity platform, built to protect the world’s top executive teams beyond the enterprise perimeter.

Acora

Acora

Acora provide a range of best-in-class managed services, Microsoft-centric business software, and cloud solutions designed to help mid-market organisations succeed in the digital economy.

Protect AI

Protect AI

Protect AI is a cybersecurity company focused on AI & ML systems. Through innovative security products and thought leadership in MLSecOps, we help our customers build a safer AI powered world.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.