
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Microsoft has stated that a financially motivated threat actor has been observed using a ransomware strain named INC for the first time to target the healthcare sector in the U.S.

The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (previously DEV-0832).

"Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494, before deploying tools like the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) tool, and the MEGA data synchronization tool," it stated in a series of posts on X.

In the next stage, the attackers move laterally over Remote Desktop Protocol (RDP) and then use the Windows Management Instrumentation (WMI) Provider Host to deploy the INC ransomware payload.

The Windows maker said Vanilla Tempest has been active since at least July 2022, with prior attacks targeting the education, healthcare, IT, and manufacturing sectors using multiple ransomware families such as BlackCat, Quantum Locker, Zeppelin, and Rhysida.

It's worth noting that the threat actor is also tracked under the name Vice Society, which is known for using existing lockers to carry out its attacks rather than building a custom version of its own.

The news comes as ransomware gangs like BianLian and Rhysida have been observed increasingly using Azure Storage Explorer and AzCopy to exfiltrate sensitive data from infected networks in an effort to evade detection.

"This tool, used for managing Azure storage and objects within it, is being repurposed by threat actors for large-scale data transfers to cloud storage," modePUSH researcher Britton Manahan said.
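
For defenders, the tooling described above can be triaged from process-creation telemetry. The following sketch is an added example, not code from Microsoft or modePUSH: it flags hosts where one of the named dual-use tools appears alongside an unexpected child of the WMI Provider Host. The Sysmon-style field names, the default binary names, the baseline of expected WMI children, and the sample events are all assumptions.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Dual-use tools named in the article, keyed by assumed default binary name.
# Renamed copies will not match; sanctioned installs should be allowlisted.
DUAL_USE_TOOLS = {
    "anydesk.exe": "AnyDesk RMM",
    "megasync.exe": "MEGA sync client",
    "azcopy.exe": "AzCopy",
    "storageexplorer.exe": "Azure Storage Explorer",
}
WMI_HOST = "wmiprvse.exe"  # WMI Provider Host
# Assumed baseline of routine WMI Provider Host children; tune per fleet.
EXPECTED_WMI_CHILDREN = {"wmiprvse.exe", "conhost.exe", "werfault.exe"}


def triage(events):
    """Return per-host findings; 'high' when a dual-use tool and an
    unexpected WMI-spawned process are both seen on the same host."""
    hosts = defaultdict(lambda: {"tools": set(), "wmi_children": set()})
    for ev in events:
        image = basename(ev["Image"]).lower()
        parent = basename(ev["ParentImage"]).lower()
        found = hosts[ev["Computer"]]
        if image in DUAL_USE_TOOLS:
            found["tools"].add(DUAL_USE_TOOLS[image])
        if parent == WMI_HOST and image not in EXPECTED_WMI_CHILDREN:
            found["wmi_children"].add(ev["Image"])
    report = {}
    for name, found in hosts.items():
        if found["tools"] or found["wmi_children"]:
            both = found["tools"] and found["wmi_children"]
            report[name] = {
                "severity": "high" if both else "review",
                "tools": sorted(found["tools"]),
                "wmi_children": sorted(found["wmi_children"]),
            }
    return report


WBEM = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "ws-014", "Image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Computer": "ws-014", "Image": r"C:\Users\Public\svc_update.exe", "ParentImage": WBEM},
    {"Computer": "fs-02", "Image": r"D:\tools\azcopy.exe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Computer": "dc-01", "Image": r"C:\Windows\System32\conhost.exe", "ParentImage": WBEM},
]

if __name__ == "__main__":
    for host, finding in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, finding)
```

A single tool sighting is only a prompt for review, since AnyDesk and AzCopy have legitimate administrative uses.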
