The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert regarding an imminent cybercrime threat to U.S. hospitals and healthcare providers. The alert, co-authored by CISA, the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), concerned the use of Ryuk and Trickbot malware to carry out ransomware activity at a massive scale. The report was later updated to include the use of Conti ransomware and BazarLoader malware.
The group behind this attack is a financially motivated adversary, labeled as UNC1878 by FireEye Mandiant, that leverages the Ryuk ransomware to encrypt target environments and extort their victims. The most significant component of this group’s operations is the speed at which they transition from initial access to ransomware deployment, with some environments experiencing the attack's full lifecycle in just over two days.
To learn more about these threats and how to protect your customers with Carbon Black, read the full article.