Kegtap, Singlemalt, Winekey Malware Serve Up Ransomware to Hospitals
2020-10-29 21:15

The boozy names might sound like the kind of thing conjured up in a frat-house common room, but malware families Kegtap, Singlemalt and Winekey are being used to gain initial network access in potentially lethal ransomware attacks on healthcare organizations in the midst of a global pandemic, researchers said in newly released findings.

Kegtap, Singlemalt and Winekey act as first-stage loaders, which establish a foothold on a device before fetching malware for the next stage of the attack.

The Ransomware Payload

The main goal of the mission, according to the report, is to deliver a Ryuk payload. "There is evidence to suggest that Ryuk ransomware was likely deployed via PsExec, but other scripts or artifacts related to the distribution process were not available for forensic analysis," the report continued.

UNC1878's Ryuk has been linked to ransomware spread throughout a Canadian government health organization and just this week was used in ransomware attacks against multiple healthcare systems, including Klamath Falls, Ore.-based Sky Lakes Medical Center and New York-based St. Lawrence Health System.


News URL

https://threatpost.com/kegtap-singlemalt-winekey-malware-serve-up-ransomware-to-hospitals/160756/