Ascension Ransomware Attack: Expert Analysis
May 2024 by Dmitry Sotnikov, Chief Product Officer at Cayosoft
Following the Ascension ransomware attack, Dmitry Sotnikov, Chief Product Officer at Cayosoft, which provides Active Directory management and instant recovery solutions, offers the following comment.
"The ransomware attack on Ascension affords us a rare (though costly) learning opportunity. Thanks to the swift reporting and transparency of Ascension and Health-ISAC (Information Sharing and Analysis Center), the healthcare and cybersecurity communities received more details about the attack than we’re used to seeing. Every bit helps the healthcare sector, and its defenders take advantage of this knowledge to reinforce their security postures.
Black Basta, the Russia-linked ransomware-as-a-service gang and likely perpetrator of this attack, is showing little mercy. Using a double extortion technique, Black Basta didn’t just take systems offline and disrupt healthcare operations—it exfiltrated healthcare data and is threatening to leak it. Based on how much of Ascension’s network was affected, it’s likely that Black Basta may have exploited a lack of Active Directory controls for reconnaissance, privilege elevations, and lateral spread.
This attack is part of a larger trend we’ve observed in the last few years of this industry. In the past, healthcare organizations were generally considered off-limits to cybercriminals, who perceived them as "unethical" targets. This is definitely not the case today. The healthcare sector is disproportionately targeted in the constant rise of ransomware incidents—both for its sensitivity to downtime (patients’ lives at risk) and the value of its data (personal health records)."