The FBI yesterday alerted U.S. organizations to ransomware attacks by a group using phishing emails to access victim networks and download Cobalt Strike threat emulation software. The alert includes indicators of compromise associated with attacks by the so-called OnePercent Group and recommended mitigation actions for affected organizations. 

John Riggi, AHA senior advisor for cybersecurity and risk, said, “The relatively low profile OnePrecent ransomware group is using common tactics such as phishing emails for initial compromise, then common technical tools such as Cobalt Strike and Powershell to spread the ransomware throughout the victim network. As we have seen several high-impact ransomware attacks targeting hospitals and health systems since Aug. 2, I recommend that any and all ransomware alerts issued by the government be given special attention. I and the AHA are closely coordinating with FBI, the Cybersecurity & Infrastructure Security Agency and HHS to exchange information relevant to ransomware attacks for the benefit of the field.”  

For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org
 

Related News Articles

Headline
The Senate Health, Education, Labor and Pensions Committee last week held a hearing on how to strengthen cybersecurity in the health care and education…
Headline
The Cybersecurity and Infrastructure Security Agency yesterday directed federal agencies to take emergency action to prevent cyber actors from exploiting…
Headline
Cybersecurity authorities in the United Kingdom, Australia, Canada, New Zealand and the United States today urged companies that deliver, operate or manage…
Headline
The Cybersecurity and Infrastructure Security Agency and FBI yesterday updated their February advisory on destructive malware targeting organizations in…
Headline
Cybersecurity authorities in the United States, Australia, Canada, New Zealand and United Kingdom today advised organizations to apply timely patches and…
Headline
Learn why hospital and health system leaders such as Darren Lacey, chief information security officer at Johns Hopkins University/Johns Hopkins Medicine, look…