Inventive Ransomware Group Focused On Healthcare Data

Uploaded on 2021-10-07 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Ransomware groups have increased their attacks on hospitals and health service providers as Coronavirus pandemic persists and this is because of the sensitive information they carry, including information like social security numbers, financial and other personal data. A new ransomware gang called Vice Society claims it  has obtained confidential patient data following an attack in August on California's United Health Centers, which suffered a ransomware attack that disrupted several  locations.

The stolen data  includes insurance benefits, financial documents and laboratory test results and Vice Society has now begun leaking the stolen data 

This group also has previously targeted public school districts and other educational institutions bus a previously unknown cyber crime group  Vice Society's typical operating procedure are difficult to quantify.  Based on incident response observations, they are quick to leverage new vulnerabilities for lateral movement and persistence on a victim's network and they appear to be innovative in dealing with  endpoint detection response bypasses. 

Recently, Cisco Talos incident response teams have have report Vice Society deploying a Dynamic Links Library (DLL) technique that exploits  vulnerabilities in Windows systems. “The use of the vulnerability known as PrintNightmare shows that adversaries are paying close attention and will quickly incorporate new tools that they find useful for various purposes during their attacks... Multiple distinct threat actors are now taking advantage of PrintNightmare, and this adoption will likely continue to increase as long as it is effective,” Cisco Talos researchers wrote. Vice Society are not the only targeting PrintNightmare and other actors have been exploiting the flaws since early summer and because the flaws affect all current versions of Windows, the range of potential targets is large. 

Organisations should apply the latest update to address the PrintNightmare flaws, and if that’s not immediately possible, disable the print spooler service.

Some ransomware gangs have promised not to attack hospitals and health care organisations during the coronavirus pandemic, although they continue to be a tempting target. With sensitive patient data, medical records, lab tests and other vital information, health care facilities are often more likely to simply pay the ransom rather than risk exposure. 


Talos:       Duo:     TechRepublic:      ZDNet:      FireEye Mandiant:    Google:     IT World Canada:

 Bleeping Computer:    Ars Technica:       EU Consilium:    

You Might Also Read:

New Ransomware Variant Discovered:

« Facebook Weakens Democracy & Harms Children
Ransomware Is The Number One Threat »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

AML Solutions

AML Solutions

AML Solutions offer a full range of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) services.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

GreatHorn

GreatHorn

GreatHorn offers the only cloud-native security platform that stops targeted social engineering and phishing attacks on communication tools like O365, G Suite, and Slack.

Rhebo

Rhebo

Rhebo Industrial Protector monitors and ensures the continuous, correct, and predictable operation of real-time Industrial Control Systems to prevent outages and reduce downtimes.

TechGuard Security

TechGuard Security

TechGuard Security was founded to address national cyber defense initiatives and US critical infrastructure security.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

Guardsquare

Guardsquare

GuardSquare is the global reference in mobile application protection. We develop premium software for the protection of mobile applications against reverse engineering and hacking.

Savanti Consulting

Savanti Consulting

Savanti provides practitioner-led cyber security services tailored to meet each organisation’s unique requirements.

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center is dedicated to combating adversaries who desire to harm our citizens, our government, and our industry through cyber-attacks.

Open Systems

Open Systems

Open Systems is a Secure Access Service Edge (SASE) pioneer delivering a complete solution to network and security.

NTT Group

NTT Group

NTT offers agile, scalable technology services to bring it all together seamlessly, securely, and sustainably. We help you adopt a holistic security approach across your network, clouds, applications.

ASMGi

ASMGi

ASMGi is a managed services, security and GRC solutions, and software development provider.

TrafficGuard

TrafficGuard

TrafficGuard is an award-winning digital ad verification and fraud prevention platform.

Tausight

Tausight

Tausight is an AI-Powered patient data security startup with a mission of reducing healthcare cyber incidents using a more proactive, risk management philosophy.

Redport Information Assurance

Redport Information Assurance

Redport Information Assurance is an information assurance and cyber security solutions provider offering integrated business solutions for all levels of government.

Cyber Nations

Cyber Nations

Cyber Nations is a global program designed to engage 100,000 African, Caribbean and Canadian learners to be trained in cybersecurity with a path to employment.