What's new this week in the news for MSPs? New healthcare-industry-focused cloud platform by Microsoft; AWS EC2 Nitro Enclaves now generally available; CISA warns of imminent cyberattacks against US healthcare industry targets; NetWalker ransomware attack against Enel Group; Ryuk ransomware attack hits Sopra Steria; Emotet malware using Microsoft Word upgrade in new phishing campaigns.
Let's see what it's all about.
New Healthcare-Industry-Focused Cloud Platform by Microsoft
Microsoft shared its first vertical cloud platform for healthcare providers. It combines elements of Microsoft 365, its Power Platform, and Dynamics 365 with the Azure cloud infrastructure service.
With Microsoft Cloud for Healthcare, the company envisions making it "faster and easier" for healthcare providers to provide "more efficient care." Supporting features like interoperability, data security, and compliance will still be a primary focus.
Experts say the new platform will work with unstructured and structured data, giving medical providers a wide range of cloud and AI-based services to choose from, including AI bots for virtual-based consultations.
Microsoft plans more system integrations and solutions to be built on top of the platform and is currently working with independent software vendors and system integrators for this purpose.
AWS EC2-Capable Nitro Enclaves Now Generally Available
The general availability of EC2 Nitro Enclaves from Amazon Web Services Inc. was announced this week. The EC2 capability means it will be easier for customers to process highly sensitive data more securely.
Amazon made the announcement last December, describing the product as one of three new security products that will provide the ability to partition computing and memory resources with an instance to create an isolated computing environment for customers.
The virtual machines made with Nitro Hypervisor technology will provide a CPU and memory isolation for Amazon EC2 instances. Also, it comes with no persistent storage, no administrator or operator access, and no external networking. Amazon says this feature will mean that apps running in an Enclave are inaccessible to other users and systems, including those within the customer's organization.
AWS Nitro Enclaves are now publicly available to the vast majority of Intel- and AMD-based Amazon EC2 instances built on AWS Nitro Systems.
4 white-label posters to help you educate your end-users on how not to get hit by ransomware.
NetWalker Ransomware Attack Against Enel Group
The energy firm Enel Group has been the victim of a ransomware attack for the second time this year. In this case, it is NetWalker that has asked for a $14 million ransom in exchange for the decryption key and a guarantee that they will not release several terabytes of data that they stole during the attack.
Enel Group is one of the largest organizations in the European energy arena, having more than 61 million customers across 40 countries. It ranks 87th in the Fortune Global 500 and has an annual revenue of nearly $90 billion as of 2019.
This week, NetWalker added Enel Group to their data leak site and uploaded screenshots showing some of the unencrypted files stolen during the attack. They claim to have about 5 terabytes from Enel and are ready to make them public within a week.
This tactic is a standard method used to pressure victims into paying the ransom, as it is often useful for the attackers.
Ryuk Ransomware Attack Hits Sopra Steria
Sopra Steria confirmed that they were hit with a cyberattack last week, but didn't provide any details. BleepingComputer and the French media were informed that the firm had been hit by Ryuk ransomware after a malware infection thought to be either TrickBot or BazarLoader.
The same group runs both malware variants, which give access to the threat actors behind Ryuk ransomware. This allows them to comprise a network further and finally install the ransomware throughout all devices on a firm's system.
This week, Sopra Steria issued a statement confirming that Ryuk ransomware had infected them. They determined that the attackers first compromised their network on October 20th.
Sopra Steria has begun the restoration of devices, and it's thought that it will be a few weeks before they are back to peak performance.
Emotet Malware Using Microsoft Word Upgrade in New Phishing Campaigns
Recently it has been observed that Emotet malware has introduced a new template in its phishing campaign that masquerades as a Microsoft Office message claiming that Microsoft Word needs to be updated for new features.
It then attempts to trick the victim into enabling macros, so that the Emotet malware gets downloaded and installed onto the computer. It begins its work of sending spam emails and will finally install other forms of malware that can lead to a ransomware attack.
Emotet is rated as the most commonly spread malware, currently targeting many victims. The primary danger is that it deploys other, more nefarious infections, such as TrickBot and Qbot malware, onto its victim's computer.
These will attempt to steal private information, such as passwords, banking information, and others. Additionally, it is known to lead to ransomware attacks from Conti and ProLock.
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.
Read our free guide to learn about:
- Common MSP vulnerabilities;
- How to prepare for a ransomware attack to keep your clients safe;
- Which actions response to a ransomware attack should involve;
- How to manage clients while handling an attack.