Security News > 2022 > October > Alert: This ransomware preys on healthcare orgs via weak-ass VPN servers
Federal agencies are warning of a threat group called Daixin Team that is using ransomware and data extortion tactics to target US healthcare organizations.
In a recent advisory, the Cybersecurity and Infrastructure Security Agency, FBI, and Department of Health and Human Services said the group has attacked multiple entities since at least June, deploying ransomware to encrypt data on servers used for a range of services, including electronic health records, diagnostic, imaging, and intranet services.
Healthcare facilities have become a favorite public sector target of ransomware and extortion operators, which isn't surprising given the amount of sensitive data they hold, the number of connected devices they operate, and the fact that disruption to critical care could pressure organizations to pay the ransom.
According to cybersecurity firm Emsisoft, at least 68 healthcare providers that between them operate 1,203 sites were affected by ransomware in 2021.
Darren Williams, founder and CEO of Blackfog, told The Register that healthcare is consistently in the top three of targeted sectors by ransomware operators.
HHS warned in an advisory earlier this year that the Hive ransomware group also was targeting healthcare facilities.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/10/24/cisa_fbi_daixin_ransomware/
Related news
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- BT unit took servers offline after Black Basta ransomware breach (source)