Stolen Citrix Credentials Resulted in a Ransomware Attack

Stolen Citrix Credentials Resulted in a Ransomware Attack

The Change Healthcare ransomware attack in February was initiated through compromised credentials for a Citrix remote access portal, lacking multi-factor authentication as per UnitedHealth Group CEO Andrew Witty’s recent testimony. The threat actors gradually escalated within the system to extract data before deploying ransomware nine days later. Witty defended his decision to pay a $22 … Read more