Experts Reaction On REvil/Sodin Behind UnitingCare Breach

UnitingCare Queensland, which had fallen victim to a cyberattack at the end of last month, has now revealed that the ransomware gang REvil/Sodin was behind the attack. The organisation, which provides aged care, disability supports, health care, and crisis response services, said its systems are still impacted, with some still inaccessible.

1 Expert Comment
Robert Golladay, Strategic Director for EMEA and APAC
InfoSec Expert
May 6, 2021 1:13 pm

The growing number of ransomware attacks has, unsurprisingly, turned this form of cybercrime into an industry in its own right. This is because ransomware is a significant source of revenue for cybercriminals, who have become much more organised and created operations such as ransomware-as-a-service and ransomware enterprises of the size of REvil/Sodin.

But even though these attacks are evolving, it is the most common techniques that continue to cause the most damage. For one, lateral movement is used to target the most valuable assets – gone are the days of "spray and pray", hackers know what the crown jewels are and are determined to get to them. Stolen credentials lead to privilege escalation and ultimately hand attackers the "keys to the kingdom". Healthcare organisations are an especially attractive target for attackers by virtue of the valuable personally identifiable information their servers hold and should use this knowledge of common techniques to shore up their defenses. It might also be worth it to consider shifting these organisations’ ransomware defense strategy from a passive to an active one: hardening systems and patching are essential, but deceiving attackers into taking the wrong step and revealing their presence in their network before they get to valuable assets can significantly reduce dwell time and minimise the damage.

Last edited 1 year ago by Robert Golladay
Information Security Buzz