The FBI yesterday alerted U.S. organizations to ransomware attacks by a group using phishing emails to access victim networks and download Cobalt Strike threat emulation software. The alert includes indicators of compromise associated with attacks by the so-called OnePercent Group and recommended mitigation actions for affected organizations. 

John Riggi, AHA senior advisor for cybersecurity and risk, said, “The relatively low profile OnePrecent ransomware group is using common tactics such as phishing emails for initial compromise, then common technical tools such as Cobalt Strike and Powershell to spread the ransomware throughout the victim network. As we have seen several high-impact ransomware attacks targeting hospitals and health systems since Aug. 2, I recommend that any and all ransomware alerts issued by the government be given special attention. I and the AHA are closely coordinating with FBI, the Cybersecurity & Infrastructure Security Agency and HHS to exchange information relevant to ransomware attacks for the benefit of the field.”  

For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org
 

Related News Articles

Headline
Microsoft has released a security update to address a critical remote code execution vulnerability impacting multiple versions of Windows Server Update…
Headline
In part two of a recent blog, AHA National Advisor for Cybersecurity and Risk John Riggi and AHA Deputy National Advisor for Cybersecurity and Risk Scott Gee…
AHA Cyber Intel
In part one of this blog, we reviewed the number of cyberattacks the health care field endured this year compared to last; provided an overview of the lessons…
Headline
The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP…
Headline
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…
Perspective
Public
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “…