August 21, 2024
(press release)
–
The Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) this week released an advisory about Everest, a ransomware-as-a-service group increasingly targeting the health care field. The group is known to access systems through compromised user accounts and common remote access tools. “Yet another Russian-speaking ransomware group targets U.S. health care,” said John Riggi, AHA national advisor for cybersecurity and risk. “Everest appears to have morphed into what is known as an ‘initial access broker’ meaning their role in the underground Russian ransomware economy is to facilitate ransomware attacks by initially gaining unauthorized access to a victim organization through such means as credential theft. They then sell the unauthorized access to other gangs, who conduct the ransomware attack. It is noted that Everest, like other gangs, utilizes legitimate cybersecurity threat simulation tools such as Cobalt Strike to facilitate their attacks. It is recommended that health care organizations set network monitoring tools to alert for Cobalt Strike activations, implement the recommended mitigations included in the alert, and implement the voluntary health care cybersecurity performance goals.” For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.
* All content is copyrighted by Industry Intelligence, or the original respective author or source. You may not recirculate, redistrubte or publish the analysis and presentation included in the service without Industry Intelligence's prior written consent. Please review our terms of use.