September 19, 2024 at 02:45PM Microsoft has reported that the ransomware affiliate Vanilla Tempest is now targeting U.S. healthcare organizations, using the INC ransomware. Vanilla Tempest gained network access by deploying malware and backdooring systems, leading to disruptions in IT and phone systems and causing loss of patient information. Vanilla Tempest has a history of … Read more
September 19, 2024 at 08:36AM Microsoft warns of the INC ransomware used by threat actor Vanilla Tempest to target US healthcare organizations. The attacker leverages Gootloader malware to expand network access, utilizing tools like AnyDesk, MEGA, RDP, and WMI Provider Host to execute the ransomware payload. They have been active for at least two years … Read more
September 19, 2024 at 06:24AM A financially motivated threat actor, under the name Vanilla Tempest, has been targeting the healthcare sector in the U.S. using a ransomware strain called INC. This actor is known for using various tools and techniques, such as deploying ransomware payloads through Windows Management Instrumentation and exfiltrating data using Azure tools. … Read more
September 18, 2024 at 03:05PM Microsoft has identified the ransomware affiliate Vanilla Tempest targeting U.S. healthcare organizations in INC ransomware attacks. Based on the meeting notes, it seems that Microsoft has stated that a ransomware affiliate known as Vanilla Tempest is now targeting U.S. healthcare organizations in INC ransomware attacks. This suggests a heightened threat … Read more