Biotech company Miltenyi recuperating from malware attack, focusing on COVID-19 research efforts
In the past two weeks, global biotech company Miltenyi Biotec, based in Germany, has disclosed cases of malware in its IT infrastructure. The malware strain believed to be responsible for the cyberattacks is Mount Locker ransomware, according to reports.
The healthcare industry has been a prime target for ransomware attacks this year, with 39% of the attacks tracked between December 31, 2019, and September 2020 targeting healthcare providers. Mount Locker, similar to Maze, discloses data if a ransom isn't paid, as reported by Bleeping Computer.
The group behind Mount Locker ransomware claimed to have breached Miltenyi Biotec on November 3. Files encrypted by Mount Locker receive .ReadManual.ID extensions. Opening an encrypted file loads the ransom note, named RecoveryManual.html.
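An added example, not from the article or any advisory: a Python triage script that walks a directory tree for the two file-system indicators named above and reports which directories are affected. It assumes the trailing "ID" in the extension is a per-victim token; the function names and sample file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumption: "ID" in ".ReadManual.ID" is a per-victim token. Any run of
# letters, digits, '-' or '_' is accepted, so the literal "ID" matches too.
ENCRYPTED_RE = re.compile(r"\.ReadManual\.[A-Za-z0-9_-]+$", re.IGNORECASE)
RANSOM_NOTE = "recoverymanual.html"  # compared case-insensitively

def triage(root):
    """Return {directory: {"encrypted": [names], "note": bool}} for every
    directory under root that holds at least one indicator."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):  # symlinks are not followed
        for name in files:
            if name.lower() == RANSOM_NOTE:
                hits[dirpath]["note"] = True
            elif ENCRYPTED_RE.search(name):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)

def victim_ids(report):
    """Distinct ID suffixes seen; more than one may mean separate runs or hosts."""
    return {name.rsplit(".", 1)[1]
            for entry in report.values() for name in entry["encrypted"]}

def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    layout = {
        "finance": ["q3.xlsx.ReadManual.A1B2C3D4", "notes.txt", "RecoveryManual.html"],
        "hr": ["cv.docx.ReadManual.A1B2C3D4"],
        "clean": ["readme.md"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        for path, entry in sorted(report.items()):
            print(os.path.relpath(path, tmp), len(entry["encrypted"]),
                  "encrypted, note present:", entry["note"])
        print("IDs seen:", sorted(victim_ids(report)))
```

Run `triage()` against a read-only mount or a forensic copy so the scan does not alter timestamps on the affected host.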
Smaller players in the healthcare industry's supply chain often lack the IT and security support for sufficient prevention, making them vulnerable to such attacks. During the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency (CISA) extended support for the healthcare industry through Operation Warp Speed.
CISA has also included more indicators of compromise and YARA rules for Trickbot detection in its advisory. Trickbot is a known malware strain used as a precursor to ransomware attacks.
Despite the attack, Miltenyi Biotec has contained and recovered the affected systems. The company did not specify the malware strain found in its systems.
Healthcare providers continue to be a prime target for ransomware actors during the pandemic. Mike Towers, CISO at Takeda Pharmaceuticals, mentioned that the cyber containment part of recovery from attacks is usually the shortest, but recovery is the longest part. The company does not expect delays in manufacturing or distributing orders.
The FBI, Department of Homeland Security, and Department of Health and Human Services warned the healthcare industry about a widespread ransomware threat, likely Ryuk or Conti strains, in October. It is unclear whether this warning was related to the recent attack on Miltenyi Biotec.
Mount Locker uses ChaCha20 for file encryption and an embedded RSA-2048 public key to encrypt the file encryption key. This method is designed to make it difficult for security teams to decrypt the files without the attackers' private key.
Towers made the statement during Druva's virtual Cloud Data Protection Summit. The summit aimed to discuss the challenges and solutions in data protection and cybersecurity in the cloud era.