Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware

7 months ago
September 18, 2024
1 reply
9 views

+54

Jasper_The_Rasper
Moderator
11631 replies

September 18, 2024 By Sergiu Gatlan

Hospital

Image: Midjourney

Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks.

INC Ransom is a ransomware-as-a-service (RaaS) operation whose affiliates have targeted public and private organizations since July 2023, including Yamaha Motor Philippines, the U.S. division of Xerox Business Solutions(XBS), and, more recently, Scotland's National Health Service (NHS).

In May 2024, a threat actor called "salfetka" claimed to sell the source code of INC Ransom's Windows and Linux/ESXi encrypter versions for $300,000 on the Exploit and XSS hacking forums.

Microsoft revealed on Wednesday that its threat analysts have observed the financially motivated Vanilla Tempest threat actor using INC ransomware for the first time in an attack on the U.S. healthcare sector.

>>Full Article<<

+63

TripleHelix
Moderator
9178 replies
7 months ago
September 19, 2024

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Sep 19, 2024 Ravie Lakshmanan Healthcare / Malware

Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S.

The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832).

"Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494, before deploying tools like the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) tool, and the MEGA data synchronization tool," it said in a series of posts shared on X.

In the next step, the attackers proceed to carry out lateral movement through Remote Desktop Protocol (RDP) and then use the Windows Management Instrumentation (WMI) Provider Host to deploy the INC ransomware payload.

The Windows maker said Vanilla Tempest has been active since at least July 2022, with previous attacks targeting education, healthcare, IT, and manufacturing sectors using various ransomware families such as BlackCat, Quantum Locker, Zeppelin, and Rhysida.

Full Article

Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯

Reply

Rich Text Editor, editor1

Reply

Related Topics

Atualizar campo de Texto com informações de campo de CheckBox

[Portuguese] 🤝Demonstração | Solicitações de RH

Pipefy para Compras: como criar fluxos de aprovação automatizados e centralizados

Como criar cards com checklists iguaisicon

CRIAR UM DOCUMENTO EM PDF COM INFORMAÇÕES DO BANCO DE DADOSicon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded