Vanilla Tempest, a ransomware group also known as Vice Society, has been seen deploying the INC ransomware strain for the first time to target the Ame

Microsoft warns US healthcare of threat actor using new ransomware

submited by

Style Pass

2024-09-20 19:30:04

Vanilla Tempest, a ransomware group also known as Vice Society, has been seen deploying the INC ransomware strain for the first time to target the American healthcare sector.

In the thread, the company said Vanilla Tempest first receives hands-off from Gootloader infections by Storm-0494, before deploying different malware and software, including Supper, AnyDesk, MEGA, and others.

The group uses Remote Desktop Protocol (RDP) for lateral movement, and Windows Management Instrumentation Provider Host to deploy the INC ransomware.

Unfortunately, Microsoft did not say which organizations Vanilla Tempest targeted, or how successful it was. Ransomware attacks against healthcare firms usually result in the leak of highly sensitive medical data, as well as potentially dizzying payouts.

Vanilla Tempest, or Vice Society, is a threat actor that’s been active since mid-2022. It usually targets education, healthcare, IT, and manufacturing sectors, and is known for frequently switching between different encryptors. While affiliates usually stick to one or two encryptors, Vanilla Tempest was observed using BlackCat, Quantum Locker, Zeppelin, Rhysida, and others.