Microsoft: US Healthcare Sector Targeted by INC Ransomware Affiliate

September 19, 2024 at 08:36AM

Microsoft warns that the INC ransomware is being used by the threat actor Vanilla Tempest to target US healthcare organizations. The attacker starts from systems already infected with the Gootloader malware, then uses tools such as AnyDesk, MEGA, RDP, and WMI Provider Host to expand network access and execute the ransomware payload. The group has been active for at least two years and operates as an affiliate under a ransomware-as-a-service (RaaS) model.

According to the report, a threat actor known as Vanilla Tempest has been observed using the INC ransomware in attacks targeting organizations in the US healthcare sector. The threat actor is a cybercrime group tracked by Microsoft and is known to target systems previously infected with the Gootloader malware. It uses various tools to expand its foothold on compromised networks and deploy ransomware, including the Supper backdoor, the AnyDesk remote monitoring and management tool, and the MEGA data synchronization tool.

Vanilla Tempest has been active for at least two years, targeting entities in the education, healthcare, IT, and manufacturing sectors. Their activity overlaps with that of another group tracked as DEV-0832, also known as Vice Society, which has been active since at least June 2021. Vice Society is likely associated with the Rhysida ransomware gang, according to a Check Point report.

The INC ransomware deployed by Vanilla Tempest has been active for roughly a year and is offered under a ransomware-as-a-service (RaaS) model. This suggests that Vanilla Tempest is only an affiliate. Previous attacks by INC ransomware affiliates include cyberattacks on Access Sports, Xerox Business Solutions US, and Yamaha Motor Philippines.

The report also mentions related ransomware attacks on Kawasaki Motors, the City of Columbus, an Indianapolis low-income housing agency, and the PNG Finance Ministry.

The report provides useful insight into the tactics and activities of the threat actor Vanilla Tempest and its use of the INC ransomware in targeted attacks on various sectors.
