{"id":599829,"date":"2023-01-21T12:49:41","date_gmt":"2023-01-21T18:49:41","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/21\/hc3-warns-of-clop-ransomware-targeting-medical-images\/"},"modified":"2023-01-21T12:49:41","modified_gmt":"2023-01-21T18:49:41","slug":"hc3-warns-of-clop-ransomware-targeting-medical-images","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/21\/hc3-warns-of-clop-ransomware-targeting-medical-images\/","title":{"rendered":"HC3 warns of Clop ransomware targeting medical images"},"content":{"rendered":"<div property=\"content:encoded\">\n<p>The Health Sector Cybersecurity Coordination Center said in its latest analysis that the Clop ransomware gang has shifted tactics, directly impacting the healthcare and public health sector.\u00a0<\/p>\n<p><strong>New baiting tactics for ransomware gang\u00a0<\/strong><\/p>\n<p>While Clop ransomware has been around since 2019 and experienced several arrests, the ransomware-as-a-service operation has had difficulties getting victims to pay the ransom.\u00a0<\/p>\n<p>HC3, which released several ransomware warnings in 2022, including one about the\u00a0<a data-mce-href=\"https:\/\/www.healthcareitnews.com\/news\/feds-warn-healthcare-providers-exceptionally-aggressive-ransomware-group\" href=\"https:\/\/www.healthcareitnews.com\/news\/feds-warn-healthcare-providers-exceptionally-aggressive-ransomware-group\" target=\"_blank\" rel=\"noopener\">exceptionally aggressive Hive ransomware<\/a>\u00a0that seeks to delete healthcare data backups, says that Clop has been infecting files and disguising them to look like medical documents to be reviewed.<\/p>\n<p>They are &#8220;submitting them to facilities, and then requesting a medical appointment in hopes of those malicious documents being opened and reviewed beforehand,&#8221; the agency said in the\u00a0<a 
data-mce-href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/clop-ransomware-analyst-note-tlpclear.pdf\" href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/clop-ransomware-analyst-note-tlpclear.pdf\" target=\"_blank\" rel=\"noopener\">analysis<\/a>.<\/p>\n<p>&#8220;These attacks have a higher chance of working due to conditions from COVID-19 expansion in the telehealth environment.&#8221;<\/p>\n<p>The agency also indicates that Clop, or CLOp, targets Windows and sends phishing emails to gain entry.\u00a0It&#8217;s also known to resist analysis, including analysis in virtual machines.\u00a0<\/p>\n<p>After files are encrypted, they drop a ransom note saying that the stolen files will be deleted after two weeks.<\/p>\n<p><strong>Targeting telehealth<\/strong><\/p>\n<p>Medical providers continue to expand telehealth to increase access, improve care and reach more patients \u2013 and\u00a0<a data-mce-href=\"https:\/\/www.healthcareitnews.com\/news\/telehealth-revenue-could-hit-20b-five-years-say-analysts\" href=\"https:\/\/www.healthcareitnews.com\/news\/telehealth-revenue-could-hit-20b-five-years-say-analysts\" target=\"_blank\" rel=\"noopener\">revenues are high<\/a>.<\/p>\n<p>Last month KrebsOnSecurity reported on Clop after seeing an intercepted communication in which the group indicated it was successful in infiltrating new victims by disguising ultrasound images and other medical documents.<\/p>\n<p>In the\u00a0<a data-mce-href=\"https:\/\/krebsonsecurity.com\/2022\/12\/new-ransom-payment-schemes-target-executives-telemedicine\/\" href=\"https:\/\/krebsonsecurity.com\/2022\/12\/new-ransom-payment-schemes-target-executives-telemedicine\/\" target=\"_blank\" rel=\"noopener\">report<\/a>, Alex Holden, founder of Hold Security, a Milwaukee-based cybersecurity firm, said the group is strategically targeting the types of medical conditions they perceive to be more easily diagnosed via telehealth.<\/p>\n<p>&#8220;Basically, they\u2019re counting on doctors or 
nurses reviewing the patient\u2019s chart and scans just before the appointment,&#8221; Holden said.\u00a0<\/p>\n<p>&#8220;They initially discussed going in with cardiovascular issues, but decided cirrhosis or fibrosis of the liver would be more likely to be diagnosable remotely from existing test results and scans.&#8221;<\/p>\n<p><em>Andrea Fox is senior editor of Healthcare IT News.<\/em><br \/><em>Healthcare IT News is a HIMSS publication.<\/em><\/p>\n<\/div>\n<p><a href=\"https:\/\/www.healthcareitnews.com\/news\/hc3-warns-clop-ransomware-targeting-medical-images\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Alejandro Mote<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Health Sector Cybersecurity Coordination Center said in its latest analysis that the Clop ransomware gang has shifted tactics, directly impacting the healthcare and public health sector.\u00a0 New baiting tactics for ransomware gang\u00a0 While Clop ransomware has been around since 2019 and experienced several arrests, the ransomware-as-a-service operation has had difficulties getting victims to 
pay<\/p>\n","protected":false},"author":1,"featured_media":599830,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31358,359],"tags":[],"class_list":{"0":"post-599829","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ransomware","8":"category-warns"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/599829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=599829"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/599829\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/599830"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=599829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=599829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=599829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}