Technology

Microsoft warns US healthcare of threat actor using new ransomware

September 21, 2024

Vanilla Tempest, a ransomware group also known as Vice Society, has been seen deploying the INC ransomware strain for the first time to target the American healthcare sector.

This is according to cybersecurity researchers from Microsoft, who recently detailed their newest findings in an X thread.

In the thread, the company said Vanilla Tempest first receives hands-off from Gootloader infections by Storm-0494, before deploying different malware and software, including Supper, AnyDesk, MEGA, and others.

Vice Society

The group uses Remote Desktop Protocol (RDP) for lateral movement, and Windows Management Instrumentation Provider Host to deploy the INC ransomware.

Unfortunately, Microsoft did not say which organizations Vanilla Tempest targeted, or how successful it was. Ransomware attacks against healthcare firms usually result in the leak of highly sensitive medical data, as well as potentially dizzying payouts.

Vanilla Tempest, or Vice Society, is a threat actor that’s been active since mid-2022. It usually targets education, healthcare, IT, and manufacturing sectors, and is known for frequently switching between different encryptors. While affiliates usually stick to one or two encryptors, Vanilla Tempest was observed using BlackCat, Quantum Locker, Zeppelin, Rhysida, and others.

In October 2022, Microsoft warned about Vanilla Tempest, saying it was known for swapping ransomware payloads as it targeted schools in the US. In some cases, Microsoft added, the group skips the encryption part altogether and just steals the data.

Some of its victims include the Swedish furniture powerhouse IKEA, as well as the Los Angeles Unified School District (LAUSD). IKEA fell prey in late November 2022, when its shops in Morocco and Kuwait were forced to shut parts of their infrastructure down. A few months earlier, LAUSD tried to negotiate with the group to keep the stolen sensitive data private, but the negotiations broke down.

“Unfortunately, as expected, data was recently released by a criminal organization,” LAUSD said soon after. “In partnership with law enforcement, our experts are analyzing the full extent of this data release.”

The identity of the hackers is unknown to this day.

Via The Hacker News

More from TechRadar Pro

Facebook
Twitter
Pinterest
WhatsApp

Previous articleWhy does ‘The Babadook’ still haunt? Its director, Jennifer Kent, has some answers
Next articleIllegal immigrant bites Border Patrol agent in the face amid ‘significant rise’ of attacks on CBP

M Adam
https://technologiesandgadgets.com/

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar