Recently, ransomware removal experts found an organization in the medical testing industry LabCorp to be hit by a ranswomware. However, the organization has not made the attack’s details public while also not disclosing any details related to the number of servers that were affected.
LabCorp had to close down its network on 15th July, when ransomware removal analysts found the signs of an attack. As a result, its business operations came to a halt. It was rumored that the ransomware involved in the case was the notorious SamSam ransomware. LabCorp officials were reluctant to clarify this detail amidst continuous attempts by the reporters to gain further insight on the attack.
The official statement published by LabCorp constitutes of the date of the attack as well as terms like ‘a new variant of ransomware’ and ‘suspicious activity’ which makes it eerily similar to their statement that was filed with SEC after Sunday.
CSO Report and SamSam Ransomware
CSO’s reported earlier that more than 1000 of LabCorp’s servers had been compromised due to a ransomware attack. Some ransomware removal experts were pointing their fingers at SamSam as the culprit again.
Additionally, the report validated the official statement of LabCorp and corroborated that no information of patients were compromised as LabCorp monitored and analyzed the traffic of its system. This is an important detail according to ransomware removal experts as it resembles the work of SamSam Ransomware. The owners of SamSam are also disinterested in the contents of the hostage data and only hit servers with the intent of expanding their ransomware and extort money.
SamSam Ransomware’s modus operandi is to utilize Brute Force Remote Desktop Protocol attacks in the infiltration and proliferation of the systems. Moreover, it is only expected to harm systems that run on Windows Operating System.
LabCorp has now focused all its efforts in the disaster recovery process which may take a few more days.