Ransomware in the Healthcare sector!

Ransomware in the Healthcare sector.

👾 Rhysida, a ransomeware-as-a-service operation, has claimed one of their first victims in the healthcare industry - Singing River Heath System. This directly impacted 3 hospitals and 10 clinics belonging to the system, underscoring Rhysida’s growing threat to US healthcare organizations.

Rhysida initially targeted education, manufacturing, tech, and government sectors but expanded to healthcare with the Prospect Medical Holdings attack, challenging their early pledge to avoid healthcare targets during the pandemic. 🧨🏥😕

🎣 The RaaS group originated in May as a significant ransomware threat. Its malware, still in early development, itself is a 64-bit Portable Executable Windows encryption app and is distributed via phishing emails and Cobalt Strike (one of my favorite C2s!). The group employs various tactics for lateral movement, steals data, and uses it as leverage. ⚡️💼

💸 Rhysida now demands 30 Bitcoin (approximately $780,000) in exchange for Singing River’s data. They’ve insisted on selling to only one buyer, emphasizing their seriousness. Check Point Software, which is tracking the Rhysida operation, says they can confirm the Rhysida group recently posted a small sample of data apparently belonging to Singing River on its leak disclosure site. 💥

Some 43% of ransomware incidents in Claroty’s healthcare cybersecurity study involved ransoms of between $100,000 and $1 million, Greenhalgh says, noting �that ransomware attacks on health systems have a ripple effect. For some smaller healthcare entities, ransomware can be an existential threat. Earlier this year, St. Margaret’s Health of Illinois announced its decision to cease operations permanently, at least partly because of a crippling 2021 ransomware attack.