On March 27, Brandywine Urology Consultants in Delaware began notifying the U.S. Department of Health and Human Services (HHS) and their patients about a ransomware attack. The attack occurred on January 25, and the practice became aware of it on January 27. Importantly, they state that the electronic medical records system (“EMR”) was not attacked…
Category: Malware
Another COVID-19 Research Firm Targeted by Ransomware Attack
The Hammersmith Medicines Research (HMR) facility in London is not the only firm working on research to understand or treat COVID-19 that has been recently attacked with ransomware. While Maze Team attacked HMR in March, another team using Sodinokibi ransomware (the REvil team) was attacking 10x Genomics in California. The attack was disclosed on April…
Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do
Microsoft is doing its bit to help hospitals and care facilities to protect themselves from human-operated ransomware attacks. In a blog post published today, they write, in part: While a wide range of adversaries have been known to exploit vulnerabilities in network devices, more and more human-operated ransomware campaigns are seeing the opportunity and are jumping on…
REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation
From Intel471’s Malware Intelligence Team: REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725. REvil is highly configurable and allows operators to customize the way it behaves on the infected…
Kwampirs Malware Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries, including Healthcare Sector
The summary from Private Industry Notification #20200330 by the FBI, issued March 30: Since at least 2016, the FBI has observed an Advanced Persistent Threat (APT) actor conduct a global network exploitation campaign using the Kwampirs Remote Access Trojan (RAT) and is providing additional, non-technical information in an effort to highlight key objectives of the…
Medical and military contractor Kimchuk hit by data-stealing DoppelPayme ransomware
Zack Whittaker reports: Kimchuk, a medical and military electronics maker, has been hit by data-stealing ransomware, TechCrunch has learned. The Danbury, Conn.-based manufacturer, which builds electronics for medical equipment, telecoms systems and energy grids, also makes nuclear modules for the Navy, work that often requires security clearance. Read more on TechCrunch.