Labcorp

LabCorp, one of the largest clinical labs in the U.S., experienced a SamSam ransomware attack.

The ransomware was able to encrypt thousands of systems and several hundred production servers.

The LabCorp SOC (Security Operations Center) took action immediately after the first system was encrypted, alerting IR teams and severing various links and connections.

The quick actions neutralized the attack within 50 minutes.

However, before the attack was fully contained, 7,000 systems and 1,900 servers were impacted. Of those 1,900 servers, 350 were production servers.

Only Windows systems were impacted, and nothing left the network during the attack, so the company is confident that there was no data breach.

Source: https://www.csoonline.com/article/3291617/samsam-infected-thousands-of-labcorp-systems-via-brute-force-rdp.html

"id": "LAB2291122",
"linkid": "labcorp",
"type": "Ransomware",
"date": "07/2018",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"