Federal officials are warning about a ransomware group that is using phishing tactics to hack healthcare organizations.
Cybercriminal gang RansomHub has encrypted and stolen data from at least 210 victims, including in healthcare and public health, since forming in February, according to an Aug. 29 notice from the Cybersecurity and Infrastructure Security Agency. The group was reportedly behind the hack of Change Healthcare that has been called the largest-ever cyberattack in healthcare.
The ransomware-as-a-service variant's affiliates practice so-called double extortion, where they both encrypt and exfiltrate data. They typically give victims three to 90 days to pay ransom before publishing the stolen information to the dark web.
CISA recommends that organizations install operating system, software and firmware updates upon their release, require phishing-resistant (i.e., not text-message-based) multifactor authentication for as many services as possible, and train staff to recognize and report phishing attempts.