April 13, 2024

What’s happened?

The US government has warned healthcare organizations about the risk of being targeted by the ALPHV BlackCat ransomware gang following a surge in attacks.

I thought ALPHV BlackCat had been taken down by the police?

Well remembered. Shortly before Christmas, the US Department of Justice (DOJ) announced that it had disrupted the gang’s operations and seized decryption keys to help hundreds of victims unlock their files without paying a ransom.

So what’s gone wrong?

I’m afraid ALPHV BlackCat came back.

In fact, within hours of the DOJ’s announcement, the ransomware gang said it had “unseized” its domain, threatened retaliation against the countries that had assisted in the takedown, and informed its affiliates that they were now free to attack hospitals.

“Because of their actions, we are introducing new rules, or rather, we are removing ALL rules, except one, you cannot touch the CIS [Commonwealth of Independent States], you can now block hospitals, nuclear power plants, anything, anywhere.”

So, they’re not playing nice anymore?

They never really “played nice.”

And according to an updated advisory published by the US Cybersecurity and Infrastructure Security Agency (CISA), healthcare has been the “most commonly victimized” sector for the ALPHV BlackCat ransomware gang since mid-December 2023.

Pharmacies across the US, including Walgreens and CVS Health, have been affected. A ransomware attack against technology provider Change Healthcare is disrupting the ability of pharmacies to fulfil orders from patients who want to pay for their medical prescriptions through their insurance.

ALPHV BlackCat claimed responsibility for the attack against Change Healthcare and said it had stolen 6TB of data.

So, if I can’t get hold of my meds, it’s BlackCat’s fault?


What does the updated advisory say?

It’s worth reading even if you don’t work in healthcare; it’s not just hospitals and their suppliers who are at risk from ransomware attacks.

The advisory includes the most current known indicators of compromise (IOCs), and details of the techniques associated with the ALPHV BlackCat gang and its affiliates.

ALPHV BlackCat affiliates often use social engineering to gain initial access to a company’s network. For instance, the attackers have been known to pose as IT and helpdesk staff at the targeted company, using phone calls and SMS messages to trick unsuspecting employees into handing over login credentials. Credentials obtained this way walk straight past perimeter defences, so how your staff verify helpdesk requests, and whether your MFA resists phishing, matters as much as any patch.

Where can I read more about BlackCat?

In February 2022, we published an FAQ, “BlackCat ransomware – what you need to know”, which is a good starting point.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.