Microsoft warns of ransomware attacks on US health systems

Microsoft says hacker group Vanilla Tempest is targeting the healthcare sector in the US using the INC ransomware extortion operation.

In a series of X posts, the tech giant's threat intelligence account said that it had observed the "financially motivated threat actor" targeting health organisations using the INC platform for the first time, although it did not identify any organisations targeted in the attack.

According to the update, Vanilla Tempest piggybacked on initial access from a third-party infection by another threat actor, Storm-0494, to place INC encryption on its victims' networks. It said Vanilla Tempest has been active since July 2022 and commonly targets the education, healthcare, IT, and manufacturing sectors in attacks involving various ransomware payloads.