Fresenius Targeted by Snake Ransomware Group

The Snake ransomware group has been actively targeting and attacking organizations all over the world. In one of its more recent attacks, the group gained access to records belonging to the European private hospital operator Fresenius. Patient data stolen in the attack is available on a paste website, and the threat actors from Snake claim that there is “more to come.” The data revealed so far appears to have come from a medical facility in Serbia. The paste includes first and last names, gender, birth date, the nationality of the patient, profession, postal address, phone number, and next of kin details. It also contains a small amount of medical data: the name and phone number of the general practitioner, notes on allergies, test results, and doctor’s observations regarding the treatment. Earlier in May, Bleeping Computer received a photo from the Snake group that appeared to show the database belonging to Fresenius, which the group planned to share publicly at a later time.

Analyst Notes

Keeping anti-virus solutions up to date is only one part of a defense against intrusions and ransomware. Unfortunately, attackers can easily evade detection by anti-virus products in targeted attacks simply by making small modifications to their malware before deploying it. Adopting an EDR (Endpoint Detection and Response) solution with continuous monitoring as part of a defense-in-depth strategy adds a layer of security by detecting attacker behaviors. SOC (Security Operations Center) analysts at Binary Defense work around the clock to monitor client workstations and detect threats to stop them before they become a bigger issue. Organizations should also consider keeping secure backups of files offline so that the files can be recovered if the originals are compromised and encrypted.