Cyber experts warn of ‘aggressive’ threat actor targeting healthcare
The security firm Mandiant Intelligence has raised the alarm about FIN12, the threat actor behind ransomware attacks disproportionately affecting the healthcare sector.
Mandiant characterized FIN12 as ” aggressive” and “financially motivated ,” specializing in ransomware deployment while relying on other bad actors to gain access to victims.
“FIN12’s operations provide illustration that no target is off limits when it comes to ransomware attacks, including those that provide critical care functions,” wrote researchers in the report.
“Almost 20% of directly observed FIN12 victims were in the healthcare industry, and many of these organizations operate medical facilities,” they added.
WHY IT MATTERS
According to Mandiant, FIN12-orchestrated ransomware attacks reach back years, to at least October 2018.It specializes in the deployment of primarily RYUK ransomware, appearing to prioritize speed and higher-revenue victims. Notably, FIN12 does not generally steal victim data or leverage it for extortion.”However, it is plausible that these threat actors may evolve their operations to more frequently incorporate data theft in the future,” acknowledged report authors.Although the group appears to be “relatively industry agnostic,” they said, its actions have had a greater impact in the healthcare industry.”Given that many actors refuse to target this industry, it may also be easier or cheaper to […]