“For most US individuals out there doubting us, we probably have your personal data.”
This was the defiant statement from cybercriminal group RansomHub, as seen by Wired – in response to a public frenzy of opinion around a ransomware attack against Change Healthcare, a revenue and payments management system for healthcare providers and customers in the United States.
The organisation was attacked by a different group back in February. And as Wired reported, it wasn’t until April that Change Healthcare admitted it did indeed pay a ransom in response to that attack. That ransom payment, however, wasn’t the end of the story – with patient data leaked on the dark web following the settlement.
While the specifics are unverified (at time of writing), stolen data is thought to include patient medical and dental records, details of payment claims, insurance details, and identity data including social security numbers. One of RansomHub’s claims has been that it holds healthcare data on active US military personnel.
It’s a damaging aftershock for Change Healthcare and its customers, as the organisation scrambles to stay on top of snowballing reports about the nature of the attack and prior knowledge that the data had been sold by the original attackers.
In its statement, RansomHub has added fuel to the fire, further smearing Change Healthcare’s reputation (along with its partner companies) by saying that “processing of sensitive data for all of these companies is just something unbelievable.”
This case shows how threat actors can work multiple angles at the same time – ultimately applying so much pressure that the target has little choice but to pay a ransom and appease the attackers.
RansomHub’s angles include:
Press is a highly effective way to pile pressure onto a target organisation during a cybersecurity attack. So the growing media attention surrounding Change Healthcare is an intentional byproduct of RansomHub’s strategy.
All of this shines a light on one thing: the incredible scope, responsibility and complexity of a cybersecurity leader’s job. To be a strong CISO or leader you have to be good at a vast array of things, and have the ability to maintain a cool head under pressure.
Every time we watch an attack like this unfold, it reaffirms our respect for the talented individuals we meet every year at Black Hat MEA. And it reminds us why we do what we do: because cybersecurity professionals need opportunities to network, learn from each other, and build their personal resilience within a community of people who know what the work is like.
Join us at Black Hat MEA 2024 to immerse yourself in the global cybersecurity community. Register now.