Everest Ransomware Hits Aspen Healthcare in Data Breach
Everest Ransomware Group Targets Aspen Healthcare in Major Cyberattack
Aspen Healthcare Services, a leading provider of home health and hospice care in the Dallas/Fort Worth area, has become the latest victim of a ransomware attack by the notorious Everest Ransomware Group. The attack, which has compromised over 1,500 medical records and personal information, underscores the vulnerabilities faced by healthcare organizations in the digital age.
About Aspen Healthcare Services
With nearly two decades of experience, Aspen Healthcare Services has established itself as a leader in community-based healthcare. The company employs over 200 healthcare professionals dedicated to providing high-quality, patient-centered services. Aspen's offerings include home health care, hospice care, palliative care, and specialized services for veterans and patients with chronic illnesses. Their commitment to compassionate care and inclusivity has earned them recognition as a vital resource in the DFW area.
Details of the Ransomware Attack
The Everest Ransomware Group claims to have infiltrated Aspen Healthcare's systems, exfiltrating sensitive data and setting a ransom deadline for November 9. The attackers have threatened to release or sell the stolen information if their demands are not met. This attack highlights the significant risks faced by healthcare providers, who often store vast amounts of sensitive patient data, making them attractive targets for cybercriminals.
Profile of the Everest Ransomware Group
Active since December 2020, the Everest Ransomware Group is known for its involvement in ransomware attacks and data exfiltration. The group has a history of targeting organizations across various industries, with a particular focus on the healthcare sector. Everest distinguishes itself by using compromised legitimate user accounts and Remote Desktop Protocol (RDP) for lateral movement, and it encrypts files with the AES and DES algorithms. The group has also been linked to other ransomware entities, such as BlackByte, and has engaged in initial access brokering activities.
Potential Vulnerabilities and Penetration Tactics
Healthcare organizations like Aspen Healthcare are particularly vulnerable to ransomware attacks due to the sensitive nature of the data they handle and the critical need for uninterrupted access to patient information. The Everest group likely exploited these vulnerabilities through compromised user accounts and inadequate cybersecurity measures. The attack serves as a stark reminder of the importance of effective cybersecurity practices in safeguarding sensitive data.
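Because the group moves laterally over RDP with valid accounts, each hop still leaves a Windows Security logon event (ID 4624, LogonType 10) on the destination host. The following detection sketch is an added example, not code from Halcyon or from the incident: it flags an account that opens RDP sessions from an internal address to several hosts it has not used before within a short window. The shortened field names, the account and host names, the baseline and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

RDP_LOGON_TYPE = 10  # Event 4624 LogonType 10 = RemoteInteractive (RDP)

# Constructed sample: simplified fields taken from Windows Security event 4624.
EVENTS = [
    {"time": "2024-11-01T02:10:00", "id": 4624, "type": 10, "user": "svc_backup", "src": "10.0.4.23", "host": "FS01"},
    {"time": "2024-11-01T02:12:00", "id": 4624, "type": 3,  "user": "svc_backup", "src": "10.0.4.23", "host": "PRN01"},
    {"time": "2024-11-01T02:14:00", "id": 4624, "type": 10, "user": "svc_backup", "src": "10.0.4.23", "host": "DC01"},
    {"time": "2024-11-01T02:21:00", "id": 4624, "type": 10, "user": "svc_backup", "src": "10.0.4.23", "host": "EHR-DB01"},
    {"time": "2024-11-01T02:22:00", "id": 4624, "type": 10, "user": "svc_backup", "src": "10.0.4.23", "host": "BKP01"},
    {"time": "2024-11-01T09:00:00", "id": 4624, "type": 10, "user": "jdoe",       "src": "10.0.7.50", "host": "TS01"},
    {"time": "2024-11-01T10:00:00", "id": 4624, "type": 10, "user": "asmith",     "src": "10.0.7.61", "host": "APP01"},
    {"time": "2024-11-01T15:00:00", "id": 4624, "type": 10, "user": "asmith",     "src": "10.0.7.61", "host": "APP02"},
]
# Constructed baseline: (account, host) RDP pairs seen during normal operation.
BASELINE = {("jdoe", "TS01"), ("svc_backup", "BKP01")}

def rdp_fanout(events, baseline, window=timedelta(minutes=30), min_hosts=3):
    """Return {account: [hosts]} for accounts with RDP logons from an internal
    source to >= min_hosts hosts outside their baseline within `window`."""
    per_user = defaultdict(list)
    for e in events:
        if e["id"] != 4624 or e["type"] != RDP_LOGON_TYPE:
            continue                      # only successful RDP logons
        if not ip_address(e["src"]).is_private:
            continue                      # lateral movement starts inside
        if (e["user"], e["host"]) in baseline:
            continue                      # expected admin path, not new
        per_user[e["user"]].append((datetime.fromisoformat(e["time"]), e["host"]))
    alerts = {}
    for user, logons in per_user.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            # distinct new hosts reached within the window starting here
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[user] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    for user, hosts in rdp_fanout(EVENTS, BASELINE).items():
        print(f"ALERT {user}: new RDP logons to {hosts}")
```

The baseline is what keeps a compromised but legitimate account from blending in: the credentials are valid, so the signal is the set of hosts the account suddenly reaches, not a failed logon.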