LabCorp Still Recovering From Ransomware Attack
by dblackwng - July 22, 2018 at 04:04 PM
#1
Medical testing laboratory firm LabCorp is still working to fully recover systems functionality nearly a week after a cyberattack that the company now claims involved "a new variant" of ransomware.

"Our investigation has found no evidence of theft or misuse of data," the company says in a statement provided to Information Security Media Group on Friday. Although it confirms that the cyberattack that was detected last weekend involved ransomware, it did not specify the type of ransomware involved.
The company says it's been working to restore full system functionality as quickly as possible. It says that as of Friday, its lab test operations have substantially resumed, and it's working to restore additional systems and functions over the next several days.
Burlington, N.C.-based LabCorp, one of the largest diagnostic lab companies in the world, with $10.8 billion in annual revenue, issued a special 8K filing on July 16 with the U.S. Securities and Exchange Commission saying that it had detected suspicious activity on its IT network the weekend of July 14, but that statement didn't specify that ransomware was involved.

SamSam Attack?
According to some news media reports, the attack on LabCorp involved a variant of SamSam ransomware. Federal regulators have issued warnings to the healthcare sector about SamSam after a series of attacks.

CSO Online, citing unnamed sources familiar with the organization, reports that hackers used brute force against LabCorp's remote desktop protocol and deployed SamSam to the LabCorp network, allegedly "encrypting thousands of systems and several hundred production servers" between the time the lab company detected suspicious activity on its IT network and began to mitigate the incident.

An alert issued in late March from the Department of Health and Human Services' Healthcare Cybersecurity and Communications Integration Center noted that the SamSam malware, active since 2016, has been largely associated with ransomware attacks against hospitals and others in the healthcare and public health sector. As of March, HHS said the SamSam malware had infected at least 10 entities, including eight healthcare sector organizations, since Dec. 26, 2016.
Among the healthcare sector entities previously hit by SamSam was electronic health records vendor Allscripts, which in January said an attack involving a variant of the SamSam ransomware impacted its cloud-based Professional EHR and Electronic Prescriptions for Controlled Substances services to physician group practices for several days.

But by now, the SamSam victim count in the healthcare sector is undoubtedly higher than HHS's tally earlier this year. HHS did not immediately respond to an ISMG request for comment.

In addition to LabCorp and Allscripts, another healthcare organization recently hit by a SamSam attack is Allied Physicians, a multispecialty practice with about 50 clinicians serving north central Indiana (see Malware Attacks: Tale of Two Healthcare Incidents).
"The healthcare industry is seen by attackers as an enticing target and ransomware is a low-risk, high-reward tool," says Pierson Clair, senior director in the cyber risk practice of security vendor Kroll.
Kroll says he's seen ransomware, specifically SamSam and its variants, used to target the healthcare sector as well as many other industries. "Attackers are continuously evolving their tools and methodologies to avoid detection by information security teams. These attackers morph their ransom toolkits in an effort to stay one step ahead of anti-virus and other means of protection. Attackers will find any available weakness in an organization in order to exploit it."

Sequence of Events
In its statement provided Friday to ISMG, LabCorp says that during the weekend of July 14, the company detected suspicious activity on its information technology network. The activity was subsequently determined to be "a new variant of ransomware," the company says.
"LabCorp promptly took certain systems offline as part of its comprehensive response to contain and remove the ransomware from its system. This has temporarily affected some test processing and customer access to test results."
The ransomware was detected only on LabCorp Diagnostics systems; Covance Drug Development's systems - a research unit - were not affected by the ransomware, the company says. "As part of our in-depth and ongoing investigation into this incident, LabCorp has engaged outside security experts and is working with authorities, including law enforcement."

More content at https://www.databreachtoday.com/labcorp-...ck-a-11235
#2
I saw this the other day, can't imagine how many people are exposed.
#3
Am I retarded to say I don't even know who LabCorp are?
#4
Never heard of the company but wow ransomware attacks are srsly brutal!!
