Cherry

Malware Profile Updated a month ago
Cherry is malicious software, or malware, that recently impacted Cherry Health, a Michigan-based healthcare provider. The malware infiltrated the system through unknown means, disrupting operations and causing a significant ransomware attack. This incident underscores the security challenges faced by many healthcare entities, particularly those providing care in underserved communities. As is common with such incidents, the breach occurred without initial detection, highlighting the covert nature of these cyber threats.

The attack on Cherry Health took place in December 2023 and affected more than 184,000 individuals. The breach was severe enough to impact the organization's ability to provide services, although it is not clear whether this led to any patient information being misused. In response to the incident, Cherry Health has provided affected individuals with 12 months of complimentary identity and credit monitoring. Cherry Health stated that it is not aware of any evidence suggesting misuse of information as a result of the incident.

This incident involving the Cherry malware reflects a broader issue facing healthcare providers across the country. Many such organizations, including small clinics, specialty medical practices, rural hospitals, and providers aiding underserved communities, face similar cybersecurity challenges. The situation at Cherry Health underlines the need for robust cybersecurity measures within the healthcare sector to protect sensitive patient data and ensure uninterrupted provision of critical health services.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Netwalker (1 vote): NetWalker is a highly profitable ransomware kit, known for its ability to disable antivirus software on Windows 10 systems and encrypt files, adding a random extension to the encrypted ones. Once executed, it disrupts operations and can even hold data hostage for ransom. It has been observed that Ne

ITG23 (1 vote): ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Health
Ransomware
Encryption
Malware
Github
Trojan
Chromium
Safari
Bitcoin
Proxy
Fraud
Healthcare
Encrypt
Nginx
Microsoft
Apache
Tiktok
Apple
Openai
Associated Malware
Cherry Picker (type: Unspecified; 1 vote): Cherry Picker is a sophisticated form of malware designed to exploit and damage computer systems while remaining largely undetected. Its innovative approach includes the use of configuration files, encryption, obfuscation, command line arguments, and carefully chosen targets to evade security contro

TrickBot (type: Unspecified; 1 vote): TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked

Octopus (type: Unspecified; 1 vote): Octopus is a malware, a harmful program designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for

Redline (type: Unspecified; 1 vote): RedLine is a malware designed to exploit and damage computer systems by stealing personal information, disrupting operations, or even holding data hostage for ransom. It has been identified as a favorite infostealer among threat actors selling logs through the marketplace 2easy, which also sells Rac

Conti (type: Unspecified; 1 vote): Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in

IcedID (type: Unspecified; 1 vote): IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom

Lockbit (type: Unspecified; 1 vote): LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Associated Threat Actors
Alphv (type: Unspecified; 1 vote): AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car

LockBitSupp (type: Unspecified; 1 vote): LockBitSupp, also known as LockBit and putinkrab, is a notorious threat actor responsible for creating and operating one of the most prolific ransomware variants. The individual behind this persona, Dmitry Yuryevich Khoroshev, has been actively involved in ransomware attacks against organizations fo
Associated Vulnerabilities
No associations to display.
Source Document References
Information about the Cherry malware was read from the document corpus below. This display is limited to 20 results.
DARKReading, a month ago: Meet the Ransomware Negotiators
Malwarebytes, 3 months ago: Tracing what went wrong in 2012 for today’s teens, with Dr. Jean Twenge: Lock and Code S04E10 | Malwarebytes
Checkpoint, 3 months ago: 22nd April – Threat Intelligence Report - Check Point Research
BankInfoSecurity, 3 months ago: Hack on Clinic Serving Homeless Is Latest Hit to Underserved
CERT-EU, 4 months ago: EU AI Act: Cyber pros sound off on rules for ‘high-risk’ AI, deepfakes
CERT-EU, 5 months ago: Apple TV+ shows and movies: What to watch on Apple TV Plus
CERT-EU, 5 months ago: LockBit Leak Week ends with… a big dull dud
CERT-EU, 6 months ago: Researchers link 3AM ransomware to Conti, Royal cybercrime gangs
CERT-EU, 6 months ago: Microsoft ‘Cherry-picked’ Examples to Make its AI Seem Functional, Leaked Audio Revealed
CERT-EU, 6 months ago: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack
CERT-EU, 7 months ago: A leaked presentation reveals how Microsoft built one of its top generative AI products, from cherry picking outputs to pitching government customers
BankInfoSecurity, 7 months ago: OpenAI: Gen AI 'Impossible' Without Copyrighted Material
CERT-EU, 7 months ago: Apple TV+ shows and movies: What to watch on Apple TV Plus
CERT-EU, 7 months ago: US DOD’s CMMC 2.0 rules lift burdens on MSPs, manufacturers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU, 10 months ago: Bitcoin Price Climbs 3% on US Shutdown and Yields Gloom, But Bitcoin Minetrix Raises $200,000 and Is the Real Winner
CERT-EU, 9 months ago: Apple TV+ shows and movies: What to watch on Apple TV Plus
CERT-EU, 10 months ago: Strengthening Your School Safety Ecosystem through Effective Policies, Procedures, and Technology | #schoolsaftey | National Cyber Security Consulting
CERT-EU, 9 months ago: GovNavigators | Federal News Network