US Government Agencies warn Healthcare Organizations and Sectors about a cybercrime group targetting them for ransomware.
Department of Health and Human Services, FBI, and CISA found that a powerful cybercrime group known as Daixin Team is mainly targeting the Healthcare businesses and sectors of the United States and planning to hit them with ransomware.
Daixin Team is a relatively new data extortion and ransomware group that mainly targets the Health sector, steals personal and patient health information, and threatens the authorities to leak the data if they don’t pay a certain amount of ransom.
This cybercrime group plans the attacks with the help of VPN servers and uses various phishing methods like credential dumping, passing the hash, and asking for ransomware. Once the threat actors enter the VPN servers of their targets with even the tiniest of vulnerabilities, they will have access to all the personal information and data.
The authorities and Federal agencies recognized the potential attacks and immediately warned the public and health sector businesses by releasing an alert saying,
“The actors have leveraged privileged accounts to gain access to VMware vCenter Server and reset account passwords [T1098] for ESXi servers in the environment. The actors have then used SSH to connect to accessible ESXi servers and deploy ransomware [T1486] on those servers.”
Moreover, the alert was also full of instructions for protective measures businesses should take to prevent attacks from the Daixin Team.
Here is a complete list of instructions mentioned in the alert.
- Always keep your software, firmware, and operating systems up to date.
- A phishing-resisting MFA should protect all services like VPNs, webmail, and servers containing sensitive data.
- Protect and monitor your Remote Desktop Protocol 24/7.
- Keep all your WANs (Wide Area Networks) secure with strong passwords. Also, keep your WANs away from all the Device Management Services.
- Create a multi-layer network segmentation to protect and secure personal data.
- Invest in new and effective monitoring tools to ensure there are no vulnerabilities.
- Limit access to data – Only people or employees concerned with the servers should have access. Moreover, it would be beneficial to deploy digital certificates and public key infrastructures to prevent phishing and cyber-attacks.
- Avoid using administrative accounts on internal systems; they permit broad organizational system privileges and do not guarantee the least privilege.
- Organizations should start using technologies like Transport Layer Security to secure their PII and PHI. Also, they should keep the private information of patients only on internal systems. Furthermore, those systems should be protected with firewalls, and there should be a backup for all the data in case it is stolen.
- Frequently review your existing internal policies regarding the storage, access, and monitoring of the data. Also, stay up-to-date and create new policies often.
- Use encryption to protect stored data and make it unreadable when it is saved.
- In the end, HHS, CISA, and FBI ask the organizations to be prepared for the worst-case scenario and plan strategies to prevent and deal with the ransomware situation.