healthcare (15)

This FortiGuard article in the Ransomware Roundup covers the Knight ransomware.

Knight Ransomware Overview:
Knight is a relatively new ransomware group that arrived in August 2023. Like many attackers, the gang behind this variant employs double extortion tactics, where the Knight ransomware encrypts files on victims’ machines and exfiltrates data for extortion purposes.


The predecessor of Knight, Cyclops, had multi-OS tools for Windows, Linux, and Mac OS. So, while FortiGuard Labs had only loc

Note: this Recorded Future Ransomware Tracker is updated on the second Sunday of each month to stay current.  The number of victims posted on ransomware extortion sites increased in May, with ransomware gangs publicly claiming more than 400 attacks in a month for the second time this year. 

The uptick was fueled in large part by the Russia-linked LockBit ransomware group, which posted 74 victims to its extortion site in May.  The group has become far and away the most active ransomware gang, wit

A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research.  Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual Property Organization (WIPO).  The researchers also found that it attacked several embassies.  “Our assessment is that the operators of this

Russia-linked ransomware group Clop reportedly took responsibility for a mass attack on more than 130 organizations, including those in the healthcare industry, using a zero-day vulnerability in secure file transfer software GoAnywhere MFT.[1]  The Cybersecurity & Infrastructure Security Agency (CISA) added the GoAnywhere flaw (CVE-2023-0669) to its public catalog of Known Exploited Vulnerabilities.  This Sector Alert follows previous HC3 Analyst Notes on Clop (CLOP Poses Ongoing Risk to HPH Organiz

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a joint alert on a new cybercrime group targeting organizations in the healthcare sector.

Called Daixin Team, the threat actor has been active since at least June 2022, targeting organizations in the US with ransomware based on the Babuk source code leaked in September 2021, and also engaging in data theft and extortion.  It has

Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021, has alleged ties to Russia, and attacks “With Love.”  Vice Society has crossed the line of what many hackers said was off limits: education and health care systems and facilities.  This past September, a ransomware attack on the Los Angeles Unified School District crippled its digital operations across the district, which includes more than 1,000 schools and serves roughly 600,000 students.  

There has been a very disturbing trend of criminal hackers targeting healthcare providers, and hospitals directly.  The NHS in the UK was recently attacked, as were numerous healthcare organizations and hospitals in the US, and now in Australia.  Once a “white collar crime” aimed only at financial institutions, these cyber-attacks are now compromising the health and safety of people around the globe.  Health insurer Medibank Private says it has been hit by a cyber-attack. 


Key points:

It is A

Activity Summary - Week Ending on 30 December 2021:

  • Red Sky Alliance identified 18,056 connections from new IPs checking in with our Sinkholes
  • Analysts identified 4,095 new IP addresses participating in various Botnets
  • Chaos in Japan
  • SonicWall
  • An Albania Hit, Again
  • Five Eyes on Log4j
  • Chinese Propaganda in Full Force
  • Ireland is getting Serious
  • Healthcare at Risk, Still
  • Free Peltier

Link to full report: IR-21-364-001_weekly364.pdf

Activity Summary - Week Ending 8 October 2021:

  • Red Sky Alliance identified 45,583 connections from new IPs checking in with our Sinkholes
  • Analysts identified 1,245 new IP addresses participating in various botnets
  • Researchers observed 10 unique email accounts compromised with keyloggers
  • Ranion is a Ransom-as-a-Service
  • Ransomware Operations are Short-Lived
  • Cyber-Attack turns Fatal
  • Indiana hospital and Ransomware
  • Protecting the Healthcare Sector
  • What’s a Slacktivist?
  • The Anthropocene Period


Activity Summary - Week Ending 21 May 2021:

  • Analysts identified 1,828 new IP addresses participating in various Botnets
  • Red Sky Alliance identified 28,925 connections from new unique IP Addresses
  • Our collection shows 21 unique email accounts compromised with Keyloggers
  • FiveHands Ransomware
  • Panda Stealer
  • Waikato (NZ) District Health Board – Hit
  • AXA Partners in Asia – attacked by the Avaddon Group
  • Ireland Hospital Hacking
  • Glasgow (Scotland) Caledonian University – IT shut Down
  • Additional DarkSide T

Activity Summary - Week Ending 26 February 2021:

  • 600+ US healthcare data breaches in 2020
  • Red Sky Alliance identified 35,139 connections from new unique IP addresses
  • Analysts identified 2,378 new IP addresses participating in various Botnets
  • Bazar Trojan Variant
  • Malware Lingerie for 2021 Valentine’s Day!!
  • Silver Sparrow; aren’t Sparrows Brown?
  • Pfizer, COVID Vaccine and Hacking
  • LEON and Nocona Hospitals hit
  • eHealth in Canada – Ryuk Ransomware
  • France to invest 1 billion euros in Cyber Security –

Activity Summary - Week Ending 11 December 2020:

  • Red Sky Alliance identified 49,028 connections from new unique IP addresses
  • Analysts observed 66 unique email accounts compromised with Keyloggers
  • Sality and Corkow have consistently remained the top Malware Variants
  • Analysts identified 1,715 new IP addresses participating in various Botnets
  • Ragnar Locker
  • WatchBogMiner
  • Leaking Browser URL and Protocol Handlers
  • Malware targeting Synthetic DNA Orders to modify DNA string sequences
  • Covid-19 Rx. Researc

Encryption is a valuable partner in maintaining privacy.  Encryption keeps our data safe from unwanted guests.  It stops people from stealing our valuable credit card details, our app usage habits, and our passwords.  While this is the answer for those with privacy concerns, IT teams will face a massive influx of traffic that they cannot look inside without decryption technology.  This means encryption is a bit of a double-edged sword, because cyber threat actors can use it too.  Encryption ca

During these current and uncertain times, who can you trust for updated, reliable and virus-free information on the Coronavirus?  A safe, reliable source is InfraGard.  InfraGard National is an FBI-affiliated nonprofit organization dedicated to strengthening national security, community resilience and the foundation of American life.  InfraGard is one of the FBI’s longest-running outreach programs and its largest public/private partnership, with over 60,000 members representing 77 InfraGard chapt
DNATools Inc.’s application dnaLIMS is a “state-of-the-art web-based laboratory information management system used to track and manage (scientific DNA research)”.  It is commonly used by researchers in labs and universities around the world.  In 2017, multiple vulnerabilities were discovered in this software.  After the vendor was notified, its response indicated that these vulnerabilities would not be fixed.  It has been confirmed that these vulnerabilities still exist in the software and attack