The majority of ransomware attacks on the healthcare and public health sector in the first quarter of 2022 were conducted by five ransomware-as-a-service groups, according to a May 5 HHS trend report.
The five groups responsible for the attacks:
- LockBit 2.0: On Feb. 7, HHS and the FBI released a joint alert warning of the LockBit 2.0 ransomware group stating the group uses techniques such as purchased access, unpatched vulnerabilities, insider access and zero-day exploits. Despite claims from the group stating that it does not target the healthcare sector, the HHS found that it was responsible for 31 percent of attacks on the healthcare sector.
- Conti: Conti ransomware, which is known for stealing files, encrypting servers and demanding a ransom payment, was responsible for 31 percent of attacks on the healthcare sector. The State Department is currently offering a $10 million reward for information that will lead to the identification of key leaders of the group.
- SunCrypt: SunCrypt, which is still "under development," according to the HHS, was responsible for 16 percent of attacks on the healthcare sector.
- Blackcat: BlackCat, also known as ALPHAV, was launched in November 2021. According to HHS, Blackcat was responsible for 11 percent of attacks on the healthcare sector. The group is known for targeting large organizations and demanding ransom payments of several million dollars in Bitcoin or Monero.
- Hive: Hive, which exfiltrates data and encrypts files held on a network, was responsible for an attack on Marietta, Ohio-based Memorial Health System that shutdown its IT network in August 2021. The HHS determined that the group was responsible for 11 percent of attacks on the healthcare sector.