The first item concerns Medical Review Institute of America (MRIoA), a Utah-based health service provider that was hit by a ransomware attack on November 9th of last year.
It has now emerged that the group behind the attack exfiltrated data to remote servers and locked the database against access, a typical pattern for operators of file-encrypting malware. The stolen data includes social security numbers, treatment history, diagnosis history, dates of service, lab reports, prescription data, patient names and insurance numbers, along with other financial information such as plan numbers, details of the providing company, and claim data.
MRIoA, which provides clinical reviews and opinions on medical procedures, issued a public statement saying it fell victim to a highly sophisticated attack carried out through a vulnerability in a SonicWall product.
The name of the group that deployed the ransomware wasn’t made public. MRIoA did reveal that the encrypted data was recovered and that all servers were rebuilt from the ground up to avoid such trouble in the future.
The second item concerns Sabbath ransomware, which is reportedly spreading rapidly across the United States. Sabbath is malware with a history of targeting Canadian critical infrastructure, mostly organizations related to power supply.
According to Mandiant, this file-encrypting malware has been trying to spread into US government networks since October 2021.
After failing to compromise government infrastructure, the operators behind Sabbath launched attacks on school districts, putting heavy pressure on students, staff and parents. This led to a triple extortion attack, and the operators succeeded in extracting millions from a single victim in December 2021.
The third ransomware item, currently trending on Google, concerns Magniber ransomware, which has been seen abusing Windows Application Package files (.APPX) to deliver malware to systems by impersonating Chrome and Edge web browser updates.
“It is actually a critical alert as it is using Microsoft’s name to infect PCs via Internet Explorer vulnerabilities,” said Matthew Holden, a researcher at the Korean security firm AhnLab.
Currently, the malware is targeting Asian users and uses double extortion tactics, in which data is stolen before the systems are encrypted.