Healthcare sector warned of ALPHV BlackCat ransomware after surge in targeted attacks
What’s happened?
The US government warned healthcare organizations about the risk of being targeted by the ALPHV BlackCat ransomware after a surge in attacks.
I thought ALPHV BlackCat had been taken down by the cops?
Well remembered. Shortly before Christmas, the US Department of Justice (DOJ) announced that it had disrupted the gang’s operations and seized decryption keys to help hundreds of victims unlock their files without paying a ransom.
So what’s gone wrong?
I’m afraid ALPHV BlackCat came back.
In fact, within hours of the DOJ’s announcement, the ransomware gang said it had “unseized” its domain, threatened retaliation against the countries that assisted in the takedown, and told its affiliates they were now free to attack hospitals.
“Because of their actions, we are introducing new rules, or rather, we are removing ALL rules, except one, you cannot touch the CIS (critical infrastructure sectors), you can now block hospitals, nuclear power plants, anything, anywhere.”
So, they’re not playing nice anymore?
They never really “played nice.”
And according to an updated advisory published by the US Cybersecurity and Infrastructure Security Agency (CISA), healthcare has been the “most commonly victimized” sector by the ALPHV BlackCat ransomware gang since mid-December 2023.
Pharmacies in the United States, including Walgreens and CVS Health, are among those feeling the effects: a ransomware attack against technology provider Change Healthcare is disrupting the ability of pharmacies to fulfill orders from patients who wish to pay for their medical prescriptions through their insurance.
ALPHV BlackCat claimed responsibility for the attack against Change Healthcare and said it stole 6TB worth of data.
So, if I can’t get hold of my meds it’s BlackCat’s fault?
Right.
What does the updated advisory say?
It’s worth reading even if you don’t work in healthcare – it’s not just hospitals and their suppliers at risk from ransomware attacks.
The advisory includes the most current known indicators of compromise (IOCs), and details of the techniques associated with the ALPHV BlackCat gang and its affiliates.
ALPHV BlackCat affiliates often use social engineering to gain initial access to your company’s network. For instance, the attackers have been known to pose as IT and helpdesk staff at the targeted company, using phone calls and SMS messages to trick unsuspecting employees into handing over their login credentials.
Where can I read more about BlackCat?
In February 2022, we published an FAQ, “BlackCat ransomware – what you need to know” which is a great starting point.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.