The ransomware group known as Everest has begun targeting the healthcare sector.
Everest, a ransomware-as-a-service organization, is notorious for infiltrating systems by exploiting compromised user accounts and leveraging common remote access tools, according to an Aug. 21 news release from the American Hospital Association.
"Everest appears to have morphed into what is known as an 'initial access broker' meaning their role in the underground Russian ransomware economy is to facilitate ransomware attacks by initially gaining unauthorized access to a victim organization through such means as credential theft," John Riggi, the American Hospital Association's national advisor for cybersecurity and risk said in the release. "They then sell the unauthorized access to other gangs, who conduct the ransomware attack. It is noted that Everest, like other gangs, utilizes legitimate cybersecurity threat simulation tools such as Cobalt Strike to facilitate their attacks."