CISA Warns of FiveHands Ransomware Threat

HIPAA Journal

Steve Alder

The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a new ransomware variant being used in attacks on a wide range of industry sectors, including healthcare.

So far, the group behind the attacks has mainly targeted small- to medium-sized companies, according to researchers at FireEye, who have been tracking its activity under the name UNC2447. It is currently unclear whether this is the work of a nation state-backed hacking group or a cybercriminal organization.

The threat group was first identified conducting FiveHands ransomware attacks in January and February, mostly on businesses in healthcare, telecommunications, construction, engineering, education, real estate, and the food and beverage industries. The group has been targeting an SQL injection vulnerability in the SonicWall SMA 100 Series VPN appliance – CVE-2021-20016 – to gain access to business networks and is using a variety of publicly available penetration and exploitation tools in the attacks.

FiveHands is a novel ransomware variant that utilizes...
