Experts Reaction On REvil/Sodin Behind UnitingCare Breach

UnitingCare Queensland, which had fallen victim to a cyberattack at the end of last month, has now revealed that the ransomware gang REvil/Sodin was behind the attack. The organisation, which provides aged care, disability supports, health care, and crisis response services, said its systems are still impacted, with some still inaccessible.

Experts Comments

May 06, 2021
Robert Golladay
Strategic Director for EMEA and APAC
Illusive

The growing number of ransomware attacks has, unsurprisingly, turned this form of cybercrime into an industry in its own right. This is because ransomware is a significant source of revenue for cybercriminals, who have become much more organised and created operations such as ransomware-as-a-service and ransomware enterprises of the size of REvil/Sodin.

 

But even though these attacks are evolving, it is the most common techniques that continue to cause the most damage. For one, lateral movement is used to target the most valuable assets - gone are the days of "spray and pray"; hackers know what the crown jewels are and are determined to get to them. Stolen credentials lead to privilege escalation and ultimately hand attackers the "keys to the kingdom". Healthcare organisations are an especially attractive target for attackers by virtue of the valuable personally identifiable information their servers hold and should use this knowledge of common techniques to shore up their defenses. It might also be worth it to consider shifting these organisations’ ransomware defense strategy from a passive to an active one: hardening systems and patching are essential, but deceiving attackers into taking the wrong step and revealing their presence in their network before they get to valuable assets can significantly reduce dwell time and minimise the damage.
