UNC1878

Description

(BleepingComputer) Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree covering the healthcare industry across the U.S. Yesterday, the U.S. government hosted an emergency call with stakeholders in the healthcare industry to alert them to an ‘increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.’ Later in the day, CISA issued a joint advisory publicly warning that U.S. hospitals and healthcare providers are actively targeted in cyberattacks deploying the Ryuk ransomware. Charles Carmakal, senior vice president and CTO of Mandiant, told BleepingComputer that an Eastern European hacking group known as UNC1878 is responsible for these attacks and that they intend to attack hundreds of hospitals.

Names

Name	Name-Giver
UNC1878	FireEye

Country

• Unknown

Motivation

• Financial gain

First Seen

2020

Observed Sectors

• Healthcare

Observed Countries

• USA

Tools

• BazarBackdoor
• Cobalt Strike
• Ryuk

Information

• https://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/
• https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/

Other Information

Uuid

9c20d87e-bc52-4f83-99ab-b85ef1aa789f

Last Card Change

2021-01-05