The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center has issued a warning about a new multi-extortion ransomware-as-a-service group called NoEscape, which is considered a successor to the disbanded Avaddon gang. Since its emergence in May 2023, NoEscape has rapidly become a significant threat in the cybersecurity landscape, targeting a wide range of industries with aggressive multi-extortion tactics.
While its primary focus has been on professional services, manufacturing, and information services organizations, it has also launched attacks on healthcare and public health entities. As of now, Darkfeed has recorded 77 victims of NoEscape attacks, and the ransom demands vary from hundreds of thousands to over $10 million.
The healthcare sector is particularly vulnerable to NoEscape’s attacks due to the value of healthcare and public health data, making it a lucrative target. The group employs a three-pronged extortion approach, combining data exfiltration and encryption with distributed denial of service (DDoS) attacks. This strategy aims to disrupt victims’ operations and exert pressure on organizations to pay the ransom.
NoEscape goes a step further by offering DDoS services to its affiliates for an additional $500,000 fee. However, there are restrictions on targeting entities in the Commonwealth of Independent States and ex-Soviet Union republics. Additionally, the group threatens to leak stolen data if their ransom demands are not met.
In summary, the emergence of NoEscape poses a substantial threat to a wide range of industries, with a significant focus on healthcare and public health organizations. Their aggressive tactics, extensive extortion demands, and DDoS capabilities make them a formidable adversary in the cybersecurity landscape. These developments emphasize the need for heightened cybersecurity measures, threat preparedness, and a robust response strategy to protect organizations from potential NoEscape attacks.
