Ransomware roundup: Possible Change Healthcare double extortion; LockBit reorganizes; and more

HealthcareITNews | 2024-04-12

Global Edition | Privacy & Security

And in other news, CISA directs federal agencies on Microsoft breach by Russian operatives.

By Andrea Fox | April 12, 2024, 01:43 PM

Photo: Andrew Brookes/Getty Images

Made clear across the healthcare cybersecurity landscape this week is the specter of a potential double extortion attack by RansomHub looming over Change Healthcare following its February cyberattack by ALPHV.

Further, a whirlwind of news on LockBit portends a complicated tale of international espionage and potential new threats to healthcare organizations from this group. We spoke to several cybersecurity leaders this week for healthcare's takeaways.

Double extortion for Change Healthcare

Multiple sources reported the RansomHub ransomware-as-a-service group claimed possession of 4TB of stolen Change Healthcare data and threatened to make it public if a ransom is not paid.

'Double extortion actually seems completely in line with what they might do,' Joel Burleson-Davis, senior vice president of worldwide engineering of cyber at Imprivata, said by email Friday.

'The other dynamic is that these are business models so if they want payout they need to hold up their end of the bargain, sort of like a contract situation. Double extortion is like a risk/reward scenario for their future business model,' he explained.

Last month, SOCRadar posted a RansomHub profile and reported that, in contrast to other ransomware groups, the group's ransom payments are initially sent to affiliates for a take of 90%.

Meanwhile, vx-underground, a trove of malware source code samples and information, according to its X profile, said Monday that ALPHV affiliates moved to RansomHub.

'Change Healthcare and UnitedHealth, you have one chance to protecting your clients data. The data has not been leaked anywhere and any decent threat intelligence would confirm that the data has not been shared nor posted,' the group allegedly posted Monday, according to a screenshot a group called Dark Web Informer shared on the social media platform X.

Also on the alleged RansomHub dark website page, the group added, 'We have the data and not ALPHV.'

The Department of Justice announced it seized ALPHV Blackcat in December, but then the Blackcat group claimed responsibility for the Change Healthcare attack in February and reported having medical, insurance and dental records, along with payment and claims data and the personally identifiable information of patients along with U.S. military/navy personnel data.

In March, ALPHV listed the ransom payment, and the site shut down with a second law enforcement seizure notice, one the investigating agencies denied posting.

Whether the group is a related or unrelated set of threat actors trying to get UnitedHealth Group to pay more than the $22 million worth of Bitcoin it may have already paid to help restore Change Healthcare systems and release strain on providers after the ransomware outage, the potential to leak the enormous trove of protected health data is alarming for the entire healthcare ecosystem.

Greg Surla told Healthcare IT News Thursday the risk of such a large-scale data breach on healthcare organizations is 'complex and disturbing.'

'This new threat of data exposure from a second party reinforces the importance of business continuity planning as it may be difficult to predict when an attack is truly over,' he stressed by email.

'Furthermore, the latest developments intensify the need to ensure that PHI is protected using strong security controls, aligned with industry best practices and any breaches are reported to [U.S. Health and Human Services] and affected individuals without significant delay following a breach.'

Burleson-Davis added that a potential double extortion scenario is 'why we need more regulations around third-party access' and robust security programs, like privileged access management tools, 'can avoid some of this stuff.'

'[UHG] has likely done as much forensics as possible and if they had an undetected second breach, it really could be a second actor acting. But what’s to say there’s not a third, or fourth?' he explained to Healthcare IT News.

'The fact that there’s additional activity that looks like a second breach or a double extortion means that they are still in the thick of this and not out of the woods yet,' he added. 'If there’s many different actors present in their system now, the road to recovery will be way longer, way more expensive, and way more impactful.

'How do they know they’re clean? This creates a giant risk profile.'

SC Media noted in its report Monday that RansomHub is giving UHG and Optum 12 days to pay, or will leak Change Healthcare's data.

Researchers unravel LockBit

In February, DOJ and the U.S. Federal Bureau of Investigation announced an international team of law enforcement officials collaborated through a coordinated government-led ransomware defense campaign called Operation Cronos and seized the LockBit ransomware gang servers, providing decryptors to numerous organizations across sectors.

LockBit, a ransomware group known to attack healthcare organizations – although it apologized to Toronto-based SickKids and offered a decryptor in 2023 – will not, it appears, go down without a fight.

Last week, Trend Micro released details on how LockBit operated after the disruption of Operation Cronos. The company said while attempting to stay afloat with a new version, as the group is most likely working on LockBit 4.0, it may have recently released the variant LockBit-NG-Dev.

After researching the threat actors associated with the group, Trend Micro researchers said they question LockBit's ability to attract top affiliates based on the group's 'logistical, technical and reputational' failures in 2023.

There was also speculation Thursday that LockBit is rebranding as DarkVault, according to a Cybernews report.

Meanwhile, an unnamed source told Bloomberg Wednesday that law enforcement investigators have linked pseudonyms used by the LockBit hacking gang to specific individuals and are tracking down a list of 200 leads to LockBit associates.

The DOJ also said when it announced the seizure of LockBit's assets that it unsealed indictments in New Jersey and California for the Russian nationals Artur Sungatov and Ivan Kondratyev, also known as the cybercriminal Bassterlord, for deploying LockBit against numerous victims throughout the United States.

Sungatov and Kondratyev are not in custody but have been sanctioned by the U.S. Treasury, according to a February story in TechCrunch, meaning any connection by any U.S. business or individual paying them runs the risk of fines and/or criminal prosecution.

Microsoft CVEs double in April

The Cybersecurity and Infrastructure Security Agency issued an emergency directive last week to address the impact on federal agencies from a breach of Microsoft.

'The Russian state-sponsored cyber actor known as Midnight Blizzard has exfiltrated email correspondence between Federal Civilian Executive Branch agencies and Microsoft through a successful compromise of Microsoft corporate email accounts,' CISA said in the April 2 announcement.

The FCEB agencies are required to 'analyze the content of exfiltrated emails, reset compromised credentials and take additional steps to ensure authentication tools for privileged Microsoft Azure accounts are secure,' the top U.S. cybersecurity agency said.

It's a big month for Microsoft security common vulnerabilities and exposures that all sectors, including healthcare IT, should pay attention to.

Tyler Reguly, senior manager of security research and development at security firm Fortra, said on Patch Tuesday this week that the 149 CVEs Microsoft issued in April will keep enterprises busy.

'We saw 56, 73 and 61 Microsoft-issued CVEs released for January, February and March,' he said by email.

'What is most notable is that a third of the vulnerabilities reference either Microsoft Security Boot or Microsoft SQL Server. Additionally, Azure features, including Microsoft Defender for [Internet of Things], account for 15 of the CVEs patched this month,' he added.

Andrea Fox is senior editor of Healthcare IT News.

Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

Topics: Compliance & Legal, Data Warehousing, Government & Policy, Privacy & Security
