HHS: Ransomware Group Everest Targeting Healthcare Sector
HHS and the AHA are cautioning the healthcare field about the Russian ransomware group Everest, which uses compromised user accounts and remote access tools to gain access to systems.
The threat alert stated that Everest has been active since 2020 and claimed responsibility for a recent incident impacting a surgical facility in the United States.
“Everest appears to have morphed into what is known as an ‘initial access broker,’ meaning their role in the underground Russian ransomware economy is to facilitate ransomware attacks by initially gaining unauthorized access to a victim organization through such means as credential theft. They then sell the unauthorized access to other gangs, who conduct the ransomware attack,” John Riggi, American Hospital Association (AHA) national advisor for cybersecurity and risk, warned in a statement.
“It is recommended that healthcare organizations set network monitoring tools to alert for Cobalt Strike activations,” Riggi advised in a statement.
Pietje Kobus has an international background and experience in content management and editing. She studied journalism in the Netherlands and Communications and Creative Nonfiction in the U.S. Pietje joined Healthcare Innovation in January 2024.