Microsoft Alerts of New INC Ransomware Aiming against the US Healthcare Industry

0
74
Microsoft Alerts of New INC Ransomware Aiming against the US Healthcare Industry
Microsoft Alerts of New INC Ransomware Aiming against the US Healthcare Industry

Microsoft has disclosed that a financially motivated threat actor has been seen targeting the US healthcare industry for the first time with a ransomware strain known as INC.

The behaviour is being monitored by the IT giant’s threat intelligence team under the code name Vanilla Tempest (formerly DEV-0832).

“Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494 before deploying tools like the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) tool, and the MEGA data synchronization tool,” it said in a series of posts shared on X.

The attackers then employ Remote Desktop Protocol (RDP) to migrate laterally before deploying the INC ransomware payload via the Windows Management Instrumentation (WMI) Provider Host.

According to the creator of Windows, Vanilla Tempest has been active since at least July 2022. Previous attacks, which used different ransomware families like BlackCat, Quantum Locker, Zeppelin, and Rhysida, targeted the manufacturing, healthcare, education, and IT industries.

It’s important to note that Vice Society, a group that is notorious for using pre-existing lockers for attack purposes rather than creating their own new ones, is also tracking the threat actor.

The development coincides with the observation that ransomware gangs such as BianLian and Rhysida are increasingly utilizing Azure Storage Explorer and AzCopy to steal confidential information from breached networks in an effort to avoid discovery.

“This tool, used for managing Azure storage and objects within it, is being repurposed by threat actors for large-scale data transfers to cloud storage,” modePUSH researcher Britton Manahan said.

Also readAutomation in Oil and Gas: Horizons and Expectations for the Next 5 Years

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.