Advanced, the NHS supplier at the centre of the August cyber-attack, were quick to go to press with their success of containing and limiting the reach of the ransomware attack. However now, after a considered investigation, whilst confining the attack, the threat actors exfiltrated data from the systems:
It was LockBit that forced NHS tech supplier to shut down • The Register
Entry was gained to the system using third party credentials and a Remote Desktop connection on one of Advanced’s servers. From there the threat actor was able to escalate privileges, conduct reconnaissance and then deploy the Lockbit malware ransomware.
The recovery of the systems and services is still ongoing and still costing the taxpayers money.
Further Reading
NHS cyber-attack effectively contained – Smart Thinking Solutions
More on the recent NHS ransomware attack – UPDATED – Smart Thinking Solutions
NHS cyber-attack issue still continuing two months later… – Smart Thinking Solutions
