A ransomware attack on Mackay Memorial Hospital in Taiwan highlights the growing use of publicly available offensive tools by threat actors. The CrazyHunter ransomware, built using the Prince Ransomware builder from GitHub, encrypted over 600 devices across two hospital branches. The attack, likely initiated via a USB device, employed various tools for defense evasion, encryption, and lateral movement. The threat actor used a vulnerable Zemana driver to disable security products, utilized the Prince Ransomware builder for file encryption, and leveraged SharpGPOAbuse for lateral movement. The incident demonstrates the increasing accessibility of cyber attack tools, enabling even less skilled actors to launch sophisticated attacks. This trend poses significant challenges for attribution and defense against ransomware threats.

Author: AlienVault
Related Tags:
CrazyHunter
T1211
T1562.001
T1484.001
T1059.003
Taiwan
ransomware
Healthcare
T1570
Associated Indicators:


