Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits

I’ve occasionally seen evidence that one victim was hit by more than one group or threat actor, but Sophos provides the most detailed reporting I’ve ever seen on one such incident.  Sean Gallagher takes us through the saga that impacted a healthcare provider in Canada hit by two separate ransomware groups — Karma and Conti.

The first ransomware group, identified as Karma, exfiltrated data but did not encrypt the target’s systems—because the targeted organization was in healthcare, they claimed in the ransom note dropped on the target’s PCs.

The second group, identified as Conti, came onto the network later, but had no such reservations. Less than a day after the Karma gang dropped their ransom notes, the Conti actors deployed their ransomware.


About the author: Dissent

Comments are closed.