Perch bulletin: Ransomware targeting healthcare
A joint report from the FBI, CISA, and HHS titled “Ransomware Activity Targeting the Healthcare and Public Health Sector” was published on October 28, 2020, with information around alleged attacks targeting healthcare organizations across the United States prior to the presidential elections. These government agencies consider these allegations to be credible.
Perch Security is actively engaged and is monitoring for all Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) that have been released from this report, as well as anything related to the associated threat actors in general. We are releasing this bulletin to inform the Perch community that we are fully aware of the threats posed and are taking proactive measures.
This advisory highlights the threat actors behind Trickbot and Ryuk. Trickbot is both the operator of a large botnet and the name for the malware that they deploy. Ryuk is a group operating one of the largest Ransomware-as-a-Service (RaaS) gangs in the world. Throughout 2020, these groups have become closely involved with each other. We are actively reviewing and threat hunting throughout all user data for any indications of compromise related to these threat actors.
We strongly encourage all Perch community members to review the best practices and preventive measures outlined in the CISA report linked below:
For existing Perch community members, please reach out through the existing channels if you have questions. For anyone else looking for further information, please reach out to firstname.lastname@example.org.
- Anchor DNS