
Iran-linked ransomware gang targeted US healthcare org amid military conflict

A U.S. healthcare organization was targeted in late February. Beazley Security helped the unnamed organization respond to an attack that used the Pay2Key ransomware strain. Halcyon Ransomware Research Center assisted in the investigation and identified several improvements in the ransomware that made it harder to detect and more damaging. No evidence showed that data was exfiltrated during the intrusion. This differed from previous statements.

The attack took place concurrently with the military conflict between the U.S. and Iran. Researchers found that the hackers had compromised an administrative account on the victim's network several days before deploying the ransomware and encrypting the environment. The hackers also sought to clear all traces of their activity and event logs after encryption.

Cynthia Kaiser, senior vice president at Halcyon's Ransomware Research Center, said the incident appeared to coincide with the start of the military conflict with Iran. Kaiser questioned the motives of the incident and noted that the group does work on behalf of the government, but not always. She said the public should assume other Iranian cyberattacks are occurring but have not been made public.
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from The Record, SC Media and reviewed by the T&B editorial agent team.