What’s happened?
The US authorities warned healthcare organizations about the danger of being targeted by the ALPHV BlackCat ransomware after a surge in attacks.
I thought ALPHV BlackCat had been taken down by the cops?
Well remembered. Shortly before Christmas, the US Department of Justice (DOJ) announced that it had disrupted the gang’s operations and seized decryption keys to help hundreds of victims unlock their data without paying a ransom.
So what’s gone wrong?
I’m afraid ALPHV BlackCat came back.
In fact, within hours of the DOJ’s announcement, the ransomware gang said it had “unseized” its domain, threatened retaliation against countries that assisted in its takedown, and informed affiliates they were now free to attack hospitals.
“Due to their actions, we’re introducing new guidelines, or rather, we’re eradicating ALL guidelines, besides one, you can’t contact the CIS (crucial infrastructure sectors), now you can block hospitals, nuclear energy crops, something, anyplace.”
So, they’re not playing nice anymore?
They never really “played nice.”
And according to an updated advisory published by the US Cybersecurity and Infrastructure Security Agency (CISA), healthcare has been the “most commonly victimized” sector by the ALPHV BlackCat ransomware gang since mid-December 2023.
Pharmacies in the USA, including Walgreens and CVS Health. A ransomware attack against technology provider Change Healthcare is disrupting the ability of pharmacies to fulfil orders from patients who wish to pay for their medical prescriptions through their insurance.
ALPHV BlackCat claimed responsibility for the attack against Change Healthcare and said it stole 6TB worth of data.
So, if I can’t get hold of my meds it’s BlackCat’s fault?
Right.
What does the updated advisory say?
It’s worth reading even if you don’t work in healthcare – it’s not just hospitals and their suppliers at risk from ransomware attacks.
The advisory includes the most current known indicators of compromise (IOCs), and details of the techniques associated with the ALPHV BlackCat gang and its affiliates.
ALPHV BlackCat affiliates often use social engineering to gain initial access to your company’s network. For instance, the attackers have been known to pose as IT and helpdesk staff at the targeted company, using phone calls and SMS messages to trick unsuspecting workers into handing over login credentials.
Where can I read more about BlackCat?
In February 2022, we published an FAQ, “BlackCat ransomware – what you need to know”, which is a good starting point.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.