Ransomware, Critical Infrastructure Security

US healthcare sector subjected to attacks with INC ransomware


BleepingComputer reports that the Vanilla Tempest threat operation, also known as Vice Society and DEV-0832, has deployed the INC ransomware payload in attacks against healthcare organizations across the U.S.

Vanilla Tempest, which was previously associated with the Rhysida ransomware group, leveraged initial network access secured from Storm-0494's Gootloader malware attacks to distribute Supper malware, the AnyDesk remote monitoring tool, and the MEGA data synchronization tool before proceeding with lateral movement and the eventual execution of INC ransomware, according to the Microsoft Threat Intelligence team. Additional details regarding the organization affected by the intrusion were not provided, but Michigan-based non-profit healthcare system McLaren Health Care was reported to have had its operations disrupted by an INC ransomware attack last month. The development comes months after the source code for the INC Ransom ransomware-as-a-service operation's Windows and Linux/VMware ESXi encryptors was purportedly sold by threat actor "salfetka" on hacking forums.
