
Fri Sep 20 08:32:33 UTC 2024

## Vanilla Tempest Cybercrime Gang Targets Healthcare Sector with INC Ransomware
**September 20, 2024** – A financially motivated cybercrime gang known as Vanilla Tempest has been observed targeting the healthcare sector in the United States, marking the first time the group has deployed the INC ransomware. Microsoft Threat Intelligence has tracked the group’s activities since July 2022, noting their previous use of various ransomware payloads including BlackCat, Quantum Locker, Zeppelin, and Rhysida.
Vanilla Tempest often leverages Gootloader infections before deploying tools such as the Supper backdoor, the AnyDesk remote monitoring and management (RMM) tool, and the MEGA data synchronization tool. The group relies on Remote Desktop Protocol (RDP) for lateral movement and deploys the INC ransomware through the Windows Management Instrumentation Provider Host.
The healthcare sector has been a primary target for cybercrime groups in recent years due to the sensitive nature of patient data and the potential for significant disruption to critical services.
Microsoft Defender for Endpoint can detect multiple stages of Vanilla Tempest activity, including the INC ransomware and other malware associated with the campaign. Organizations are encouraged to follow Microsoft’s guidance on defending against ransomware to mitigate the risk of attacks.
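
For defenders who want to hunt for the tool chain described above in their own process and logon telemetry, the following added example (not Microsoft's detection logic and not code from the original report) correlates the named stages per host. The event field names, the 24-hour window, the two-signal threshold and the "outside C:\Windows" heuristic are assumptions; `AnyDesk.exe`, `MEGAsync.exe` and `WmiPrvSE.exe` are the default binary names of the tools the article mentions.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

WINDOW = timedelta(hours=24)  # assumed correlation window
THRESHOLD = 2                 # assumed: distinct signals needed per host

def classify(ev):
    """Map one event to a signal name, or None if it is not of interest."""
    if ev["type"] == "logon":
        # Windows logon type 10 is RemoteInteractive (RDP)
        return "rdp_logon" if ev.get("logon_type") == 10 else None
    image = ev.get("image", "").lower()
    name, parent = basename(image), basename(ev.get("parent", "")).lower()
    if name == "anydesk.exe":
        return "anydesk_rmm"
    if name == "megasync.exe":
        return "mega_sync"
    # WMI Provider Host (WmiPrvSE.exe) launching a binary outside C:\Windows
    if parent == "wmiprvse.exe" and not image.startswith("c:\\windows\\"):
        return "wmi_spawned_binary"
    return None

def correlate(events):
    """Return {host: sorted signals} for hosts with >= THRESHOLD signals in WINDOW."""
    hits = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            ts = datetime.fromisoformat(ev["ts"])
            hits.setdefault(ev["host"], []).append((ts, sig))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            sigs = {s for t, s in seen[i:] if t - start <= WINDOW}
            if len(sigs) >= THRESHOLD and len(sigs) > len(alerts.get(host, [])):
                alerts[host] = sorted(sigs)
    return alerts

# Constructed sample events (not real telemetry); hosts and paths are made up
SAMPLE = [
    {"host": "HOST-A", "ts": "2024-09-18T09:00:00", "type": "logon", "logon_type": 10},
    {"host": "HOST-A", "ts": "2024-09-18T09:20:00", "type": "process", "image": r"C:\Users\u\AnyDesk.exe", "parent": r"C:\Windows\explorer.exe"},
    {"host": "HOST-A", "ts": "2024-09-18T11:00:00", "type": "process", "image": r"C:\Users\u\MEGAsync.exe", "parent": r"C:\Windows\explorer.exe"},
    {"host": "HOST-A", "ts": "2024-09-18T13:00:00", "type": "process", "image": r"C:\ProgramData\payload.exe", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
    {"host": "HOST-B", "ts": "2024-09-01T08:00:00", "type": "process", "image": r"C:\Tools\AnyDesk.exe", "parent": r"C:\Windows\explorer.exe"},
    {"host": "HOST-B", "ts": "2024-09-10T08:00:00", "type": "logon", "logon_type": 10},
    {"host": "HOST-C", "ts": "2024-09-18T10:00:00", "type": "process", "image": r"C:\Windows\System32\wbem\mofcomp.exe", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
]
```

Each signal on its own is common in healthy environments (sanctioned AnyDesk use, routine RDP administration), which is why the example alerts only on co-occurrence within the window.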