Inventive Ransomware Group Focused On Healthcare Data

Uploaded on 2021-10-07 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Ransomware groups have increased their attacks on hospitals and health service providers as Coronavirus pandemic persists and this is because of the sensitive information they carry, including information like social security numbers, financial and other personal data. A new ransomware gang called Vice Society claims it  has obtained confidential patient data following an attack in August on California's United Health Centers, which suffered a ransomware attack that disrupted several  locations.

The stolen data  includes insurance benefits, financial documents and laboratory test results and Vice Society has now begun leaking the stolen data 

This group also has previously targeted public school districts and other educational institutions bus a previously unknown cyber crime group  Vice Society's typical operating procedure are difficult to quantify.  Based on incident response observations, they are quick to leverage new vulnerabilities for lateral movement and persistence on a victim's network and they appear to be innovative in dealing with  endpoint detection response bypasses. 

Recently, Cisco Talos incident response teams have have report Vice Society deploying a Dynamic Links Library (DLL) technique that exploits  vulnerabilities in Windows systems. “The use of the vulnerability known as PrintNightmare shows that adversaries are paying close attention and will quickly incorporate new tools that they find useful for various purposes during their attacks... Multiple distinct threat actors are now taking advantage of PrintNightmare, and this adoption will likely continue to increase as long as it is effective,” Cisco Talos researchers wrote. Vice Society are not the only targeting PrintNightmare and other actors have been exploiting the flaws since early summer and because the flaws affect all current versions of Windows, the range of potential targets is large. 

Organisations should apply the latest update to address the PrintNightmare flaws, and if that’s not immediately possible, disable the print spooler service.

Some ransomware gangs have promised not to attack hospitals and health care organisations during the coronavirus pandemic, although they continue to be a tempting target. With sensitive patient data, medical records, lab tests and other vital information, health care facilities are often more likely to simply pay the ransom rather than risk exposure. 


Talos:       Duo:     TechRepublic:      ZDNet:      FireEye Mandiant:    Google:     IT World Canada:

 Bleeping Computer:    Ars Technica:       EU Consilium:    

You Might Also Read:

New Ransomware Variant Discovered:

« Facebook Weakens Democracy & Harms Children
Ransomware Is The Number One Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

6cure

6cure

The 6cure Threat Protection solution eliminates malicious traffic to critical services in real time and protects against DDoS attacks.

KPN

KPN

KPN is a leading supplier of ICT services including Cyber Security, Identity & Privacy, Secure Communications and Business Continuity.

ETAS

ETAS

ETAS (formerly Escrypt) is a pioneer and one of today’s leading solution providers for embedded IT security.

Red Balloon Security (RBS)

Red Balloon Security (RBS)

Red Balloon Security is a leading embedded device security company, delivering deep host-based defense for all devices.

Somansa

Somansa

Somansa is a global leader in Data Security and Compliance solutions designed to protect valuable company information from leakage and help meet regulatory compliance requirements.

Dermalog Identification Systems

Dermalog Identification Systems

Dermalog Identification Systems is a pioneer in biometry and the largest German manufacturer of biometric devices and systems.

Webtotem

Webtotem

Webtotem's mission is to prevent the global epidemic of website infection and provide every website owner with basic security rights.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

Qrator Labs

Qrator Labs

Qrator Labs is a leader in DDoS attack mitigation, helping organizations protect their websites from the most harmful, sophisticated DDoS attacks.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

HarfangLab

HarfangLab

HarfangLab develops a hunting software to boost detection and neutralization of cyberattacks against companies endpoints.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

Cambridge International Systems

Cambridge International Systems

For more than 25 years, Cambridge has been fighting bad actors in both the cyber and physical worlds.

Glasstrail

Glasstrail

Glasstrail are single-minded about helping organisations gather intelligence and manage vulnerabilities in their attack surface before adversaries exploit them.