Daixin team- A ransomware group targeting healthcare industries
In an advisory released by Cybersecurity and Infrastructure Security Agency (CISA), healthcare organizations have been warned against a ransomware group- “Daixin Team”. This group has been targeting the healthcare industry since June and is known for data extortion and multiple security beaches.
This group mainly targets U.S businesses and its primary target is healthcare and public health organizations. The modus operandi is to deploy ransomware and/or exfiltrate personal/patient information and threaten to release the information if a ransom is not paid. Daixin team deploys ransomware by encrypting the servers catering to healthcare services, health records services, diagnostic services, Patient Health information, and imaging services.
Once the Daixin team gets access to the victim’s VPN, the group operates laterally via Secure shell (SSH) and Remote Desktop Protocol (RDP). As per the advisory, this group also seeks to gain access to privileged accounts through credential dumping and pass the hash to access VMware vCenter Server and reset passwords for ESXi servers. As per the reports, the Daixin Team’s ransomware resembles the leaked Babuk Locker source code.
CISA and HHS (Health and Human Services) have recommended Healthcare sector to install updates for operating systems, software, and firmware as soon as they become available. The industry can safeguard its operations by implementing the above-suggested measures and can defend against the Daixin team’s malicious activities.
Additionally, such organizations must consider leveraging a centralized patch management system to automate and expedite the process. Healthcare services can be secured by implementing MFA for as many services as possible, especially for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups. The advisory also recommends that the HPH sector maintain offline backups of data, and regularly test backup and restoration.
Organizations should prepare and exercise a cyber incident response plan and associated communications plan that includes response procedures for any malicious incidents.
Follow on Facebook: Latest Hacking Updates