Clop ransomware group

HC3 Warns Against New Ransomware Tactic Targeting Health Care Sector

The Health Sector Cybersecurity Coordination Center has warned that a Clop ransomware group has developed a new tactic to steal sensitive data from health care organizations and force them to pay a ransom.

According to the latest HC3 analyst note, the group has been using medical appointment requests to send infected files disguised as medical documents to health care facilities, hoping that the documents will be opened beforehand. The note cited the expansion of telehealth due to the COVID-19 pandemic as the reason why the tactic became highly successful, HealthITSecurity reported.

Clop, a successor of the CryptoMix ransomware believed to have been developed in Russia, uses a ransomware-as-a-service model and targets organizations earning at least $5 million in revenue annually.

Victims of Clop ransomware attacks include a pharmaceutical company, corporate networks using the SolarWinds platform and a maritime services giant.

Individuals linked to Clop ransomware were arrested in 2021, with authorities expecting a slowdown in the group’s activities. The note, however, said that the malware, which has anti-analysis capabilities, continued to show “non-stop activity through 2022.”

Data from Trend Micro’s Smart Protection Network showed that most Clop ransomware attack attempts detected between January 2021 and 2022 were aimed at U.S. organizations. The data also revealed that while the attacks targeted other sectors such as financial and media, their main focus was the health care sector.

HC3’s analyst note stated that “financial gain appears to be their primary goal.”