Recently, Microsoft announced that a financially motivated threat actor has been observed using a type of ransomware called INC for the first time, targeting the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking this activity under the name Vanilla Tempest (formerly known as DEV-0832).

In a series of posts on X, the company stated, "Vanilla Tempest takes over GootLoader infections by the threat actor Storm-0494 before deploying tools like the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) tool, and the MEGA data synchronization tool." The Windows manufacturer noted that Vanilla Tempest has been active since at least July 2022 and has previously launched attacks targeting sectors such as education, healthcare, IT, and manufacturing using various ransomware families like BlackCat, Quantum Locker, Zeppelin, and Rhysida.

Some measures we should take to protect against attacks include:

• The most up-to-date security measures should always be used in your system,

• Multi-factor authentication should be enabled for online accounts,

• Emails from untrusted sources should not be opened,

• Applications and software should only be downloaded from trusted websites.