"LockBit 3.0 Malware Forced NHS Tech Supplier to Shut Down Hosted Sites"

Advanced, a managed software provider to the UK National Health Service (NHS), has confirmed the theft of customer data as a result of a cyberattack that has disrupted its operations. The attack pushed Advanced to take a part of its infrastructure offline to prevent infection from spreading to other systems. As a result, a number of websites hosted for clients were made unavailable. For example, the incident disrupted healthcare customers, forcing NHS 111 medical services operators to revert to pen and paper as digital services were down. Advanced confirmed that the attackers, who were financially motivated, were able to temporarily obtain a limited amount of information about 16 of its Staffplan and Caresys customers from its environment. According to the company's incident update, no data was stolen from the other products it hosts, and it has recovered the limited amount of data stolen from the infected systems. The malware strain used in the attack was LockBit 3.0, the most recent version of the ransomware released in June, according to Microsoft and Mandiant. The threat actors gained access through Advanced's network by utilizing legitimate third-party credentials to establish a Remote Desktop session to the Staffplan Citrix server. The attacker moved laterally in Advanced's Health and Care environment and escalated privileges during the initial logon session, allowing them to conduct reconnaissance and deploy the malware. The threat actor copied and exfiltrated a limited amount of data prior to encrypting systems. This article continues to discuss the impact and threat actors behind the ransomware attack faced by Advanced. 

The Register reports "LockBit 3.0 Malware Forced NHS Tech Supplier to Shut Down Hosted Sites"