North Korea's Lazarus Group targets healthcare orgs with Medusa ransomware
Summary
The Lazarus Group, a North Korean threat actor, is now using Medusa ransomware to target healthcare organizations and other victims. At least one US healthcare organization and an entity in the Middle East have been targeted, according to researchers at Symantec and Carbon Black.
IFF Assessment
The use of Medusa ransomware by a known threat actor against critical infrastructure is bad news for defenders.
Defender Context
Healthcare organizations are prime targets for ransomware attacks, given the sensitivity and time-critical nature of their data. Defenders should implement robust backup and recovery procedures, regularly test their incident response plans, and maintain up-to-date threat intelligence to identify and mitigate potential attacks. Tracking known threat actor TTPs and new ransomware variants is essential for proactive defense.