Healthcare

Hospital Halts GandCrab Infection with Layered Defence

12 - 19 February 2019

A US healthcare provider was able to stop a targeted GandCrab ransomware attack by adopting layered defence to protect its data and resources. The hospital’s network was compromised via a brute-force attack against a computer with RDP (Remote Desktop Protocol) access. After gaining the initial foothold, the hackers moved laterally to virtual machines connected to multiple hosts and running vital services in the hospital. The hackers then used the PsExec utility to unleash the ransomware, but a behavioural monitoring solution blocked the executable from running. On servers that had behavioural monitoring turned off, the encryption routine was stopped by another endpoint solution with anti-encryption countermeasures. The behavioural monitoring solution was also able to block a second attack wave, which attempted to run the ransomware payload again after a 1-million-second (11.5 days) delay.
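One way to detect the chain described above (an RDP logon following a burst of failed logons, then a PsExec service install) from Windows event logs. This is an added example, not part of the original article or the hospital's tooling. It assumes Security events 4625/4624 and System event 7045 have already been parsed into dictionaries; the host names, IP addresses, field names and thresholds are constructed for illustration.

```python
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                    # assumed tuning values, adjust per environment
FAIL_WINDOW = timedelta(minutes=10)
PSEXEC_WINDOW = timedelta(hours=24)

def ev(ts, host, event_id, **fields):
    """Build one parsed event record (hypothetical schema)."""
    return {"ts": datetime.fromisoformat(ts), "host": host, "id": event_id, **fields}

# Constructed sample events, not taken from the incident.
SAMPLE = (
    [ev(f"2019-02-01T02:00:{s:02d}", "WS-RDP01", 4625, ip="203.0.113.7")
     for s in range(0, 60, 10)]
    + [ev("2019-02-01T02:01:05", "WS-RDP01", 4624, ip="203.0.113.7", logon_type=10),
       ev("2019-02-01T03:15:00", "VM-APP02", 7045, service="PSEXESVC"),
       ev("2019-02-01T09:00:00", "WS-ADMIN", 4625, ip="198.51.100.4"),
       ev("2019-02-01T09:00:20", "WS-ADMIN", 4624, ip="198.51.100.4", logon_type=10)]
)

def detect(events):
    """Alert on (a) an RDP logon that follows a burst of failures from the same
    source and (b) a PSEXESVC service install, flagged as chained if it occurs
    within PSEXEC_WINDOW of such a logon."""
    alerts, failures, breach_time = [], {}, None
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["id"] == 4625:                                   # failed logon
            failures.setdefault((e["host"], e["ip"]), []).append(e["ts"])
        elif e["id"] == 4624 and e.get("logon_type") == 10:   # RemoteInteractive (RDP)
            recent = [t for t in failures.get((e["host"], e["ip"]), [])
                      if e["ts"] - t <= FAIL_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append(("rdp_bruteforce_success", e["host"], e["ip"]))
                breach_time = e["ts"]
        elif e["id"] == 7045 and e.get("service", "").upper() == "PSEXESVC":
            chained = breach_time is not None and e["ts"] - breach_time <= PSEXEC_WINDOW
            name = "psexec_after_rdp_breach" if chained else "psexec_service_install"
            alerts.append((name, e["host"], e["service"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The PSEXESVC match covers PsExec's default service name only, so it complements rather than replaces the behavioural blocking the article credits.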

References:
[1] Inside a GandCrab Targeted Ransomware Attack on a Hospital
 
 
 
