LabCorp, one of the largest clinical labs in the U.S., experienced Samsam ransomware attack.
The ransomware was able to encrypt thousands of systems and several hundred production servers.
The LabCorp SOC (Security Operation Center) immediately took action after that first system was encrypted, alerting IR teams and severing various links and connections.
The quick actions neutralized the attack within 50 minutes.
However, before the attack was fully contained, 7,000 systems and 1,900 servers were impacted. Of those 1,900 servers, 350 were production servers.
Only Windows systems were impacted, nothing left the network during the attack, so the company is confident that there was no data breach.
TPRM report: https://scoringcyber.rankiteo.com/company/labcorp
"id": "lab2291122",
"linkid": "labcorp",
"type": "Ransomware",
"date": "07/2018",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'U.S.',
'name': 'LabCorp',
'type': 'Clinical Lab'}],
'description': 'LabCorp, one of the largest clinical labs in the U.S., '
'experienced a Samsam ransomware attack that encrypted '
'thousands of systems and several hundred production servers.',
'impact': {'systems_affected': ['7,000 systems',
'1,900 servers',
'350 production servers']},
'ransomware': {'data_encryption': True, 'ransomware_strain': 'Samsam'},
'response': {'containment_measures': ['severing various links and '
'connections'],
'incident_response_plan_activated': True},
'title': 'LabCorp Ransomware Attack',
'type': 'Ransomware'}