Friday, March 1, 2024

Healthcare sector warned of ALPHV BlackCat ransomware after surge in targeted attacks


What’s happened?

The US authorities have warned healthcare organizations about the risk of being targeted by the ALPHV BlackCat ransomware after a surge in attacks.

I assumed ALPHV BlackCat had been taken down by the cops?

Well remembered. Shortly before Christmas, the US Department of Justice (DOJ) announced that it had disrupted the gang’s operations and seized decryption keys to help hundreds of victims unlock their data without paying a ransom.

So what’s gone wrong?

I’m afraid ALPHV BlackCat came back.

In fact, within hours of the DOJ’s announcement, the ransomware gang said it had “unseized” its domain, threatened retaliation against countries that assisted in its takedown, and informed affiliates they were now free to attack hospitals.

“Because of their actions, we are introducing new rules, or rather, we are removing ALL rules, except one, you cannot touch the CIS (crucial infrastructure sectors), you can now block hospitals, nuclear power plants, anything, anywhere.”

So, they’re not playing nice anymore?

They never really “played nice.”

And according to an updated advisory published by the US Cybersecurity and Infrastructure Security Agency (CISA), healthcare has been the “most commonly victimized” sector by the ALPHV BlackCat ransomware gang since mid-December 2023.

Pharmacies in the US, including Walgreens and CVS Health. A ransomware attack against technology provider Change Healthcare is disrupting the ability of pharmacies to fulfil orders from patients who want to pay for their medical prescriptions through their insurance.

ALPHV BlackCat claimed responsibility for the attack against Change Healthcare and said it stole 6TB worth of data.

So, if I can’t get hold of my meds it’s BlackCat’s fault?

Right.

What does the updated advisory say?

It’s worth reading even if you don’t work in healthcare – it’s not just hospitals and their suppliers at risk from ransomware attacks.

The advisory includes the most current known indicators of compromise (IOCs), and details of the techniques associated with the ALPHV BlackCat gang and its affiliates.

ALPHV Blackcat affiliates often use social engineering to gain initial access to your company’s network. For instance, the attackers have been known to pose as IT and helpdesk staff at the targeted company, using phone calls and SMS messages to trick unsuspecting employees into handing over login credentials.

Where can I read more about BlackCat?

In February 2022, we published an FAQ, “BlackCat ransomware – what you need to know” which is a great place to start.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.


