A New Cyber Threat to Watch

October 08, 2024

The federal government is warning of another emerging cybersecurity threat that has targeted the health sector.

Earlier this month, the Office of Information Security and Health Sector Cybersecurity Coordination Center (HC3) issued a threat brief about the Trinity ransomware group. The group is known for using a “double extortion strategy” that puts significant pressure on victims to pay ransom, officials noted.

“This is a tactic increasingly seen across newer ransomware strains targeting critical industries, particularly health care,” the threat brief notes.

Here’s what you need to know:

• First reported:  May 2024.
• About the threat:  The group’s software infiltrates systems through phishing emails, malicious websites, and other software vulnerabilities.
  • The group encrypts the victim’s files and renders them unusable without the correct decryption key. It also threatens to leak sensitive information unless ransom is paid.
• Targeting health care:  The group has seven reported victims to date, including two health care providers.
  • One of the victims is based in the United Kingdom, and the other is a U.S.-based gastroenterology services provider.
• What to do:  The brief notes several important mitigations, including implementing recovery plans; using network segmentation and offline backups; regularly backing up data and password-protecting files; and installing and regularly updating software on all hosts, among other initiatives.
• Quotable:  “Furthermore, the identification of Trinity’s similarities with other ransomware variants … suggests a potential link or collaboration among threat actor groups,” the threat brief noted. “This collaboration could lead to the exchange of techniques, tools, and infrastructure, amplifying the scale and sophistication of future ransomware campaigns.”

The threat brief is available online.