Microsoft Alerts U.S. Healthcare Sector About New INC Ransomware Threat
September 19, 2024
Healthcare / Malware
Microsoft has reported that a financially motivated threat actor is utilizing a ransomware strain known as INC for the first time to specifically target the U.S. healthcare sector. The company’s threat intelligence team, tracking this activity under the name Vanilla Tempest (formerly DEV-0832), noted, “Vanilla Tempest is connected to GootLoader infections orchestrated by the threat actor Storm-0494, and employs tools such as the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) software, and MEGA for data synchronization.” Following this, attackers execute lateral movements using Remote Desktop Protocol (RDP) and deploy the INC ransomware payload via Windows Management Instrumentation (WMI) Provider Host. Microsoft revealed that Vanilla Tempest has been operational since at least July 2022, with previous targets including the education, healthcare, IT, and manufacturing sectors.
Healthcare / Malware
Microsoft Alerts Healthcare Sector to Emerging INC Ransomware Threat On September 19, 2024, Microsoft issued a warning regarding a new ransomware variant named INC, which has been identified as a potential threat to the U.S. healthcare sector. This alarming development comes in the wake of the company’s threat intelligence team,…
Microsoft Alerts U.S. Healthcare Sector About New INC Ransomware Threat
September 19, 2024
Healthcare / Malware
Microsoft has reported that a financially motivated threat actor is utilizing a ransomware strain known as INC for the first time to specifically target the U.S. healthcare sector. The company’s threat intelligence team, tracking this activity under the name Vanilla Tempest (formerly DEV-0832), noted, “Vanilla Tempest is connected to GootLoader infections orchestrated by the threat actor Storm-0494, and employs tools such as the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) software, and MEGA for data synchronization.” Following this, attackers execute lateral movements using Remote Desktop Protocol (RDP) and deploy the INC ransomware payload via Windows Management Instrumentation (WMI) Provider Host. Microsoft revealed that Vanilla Tempest has been operational since at least July 2022, with previous targets including the education, healthcare, IT, and manufacturing sectors.