Microsoft is doing its bit to help hospitals and care facilities to protect themselves from human-operated ransomware attacks.
In a blog post published today, they write, in part:
While a wide range of adversaries have been known to exploit vulnerabilities in network devices, more and more human-operated ransomware campaigns are seeing the opportunity and are jumping on the bandwagon. REvil (also known as Sodinokibi) is one of the ransomware campaigns that actively exploit gateway and VPN vulnerabilities to gain a foothold in target organizations. After successful exploitation, attackers steal credentials, elevate their privileges, and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads.
Microsoft has been tracking REvil as part of a broader monitoring of human-operated ransomware attacks.
Read their full post on Microsoft’s blog.