FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks – Insta News Hub


Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.

“ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector,” the joint advisory cautions.

Today’s warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailing the BlackCat cybercrime gang’s activity since it surfaced in November 2021 as a suspected rebrand of the DarkSide and BlackMatter ransomware groups.

The FBI linked BlackCat to over 60 breaches during its first four months of activity (between November 2021 and March 2022) and said the gang has raked in at least $300 million in ransoms from over 1,000 victims until September 2023.

“Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized,” the three federal agencies warned in today’s joint advisory.

“This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023.”

The FBI, CISA, and HHS advised critical infrastructure organizations to take the necessary mitigation measures to reduce the likelihood and impact of Blackcat ransomware and data extortion incidents.

Furthermore, they have urged healthcare organizations to implement cybersecurity safeguards to counteract prevalent tactics, techniques, and procedures commonly employed across the Healthcare and Public Health (HPH) sector.

BlackCat now using ScreenConnect for initial access

Today’s advisory comes after the BlackCat ransomware operation was linked to a cyberattack on UnitedHealth Group subsidiary Optum that triggered an ongoing outage impacting Change Healthcare, the largest payment exchange platform connecting doctors, pharmacies, healthcare providers, and patients in the U.S. healthcare system.

While UnitedHealth Group VP Tyler Mason did not confirm the BlackCat link in a statement shared with BleepingComputer, he said that 90% of the 70,000+ pharmacies using the impacted platform have switched to new electronic claim processes.

Sources familiar with the investigation told BleepingComputer that Change Healthcare has been conducting Zoom calls with partners in the healthcare industry to provide updates since the attack hit its systems.

BleepingComputer learned that forensic experts investigating the incident had linked the attack to the BlackCat ransomware group and that the threat actors breached the network using the actively exploited critical ScreenConnect auth bypass vulnerability (CVE-2024-1709).

Although the FBI, CISA, and HHS did not link today’s advisory to the Change Healthcare incident, they shared indicators of compromise that confirm our reporting that the BlackCat ransomware gang is targeting vulnerable ScreenConnect servers for remote access into victim networks.

Image: BlackCat ScreenConnect IOCs (FBI/CISA/HHS)

The FBI disrupted the BlackCat gang’s operations in December by taking down its Tor negotiation and leak sites. The gang’s servers were also hacked, which allowed law enforcement to create a decryptor using keys collected during a months-long intrusion.

BlackCat has since “unseized” their sites and switched to a new Tor leak site that the FBI has not yet taken down.

The U.S. State Department offers rewards of up to $10 million for information leading to the identification or location of BlackCat gang leaders and $5 million for tips on individuals linked to the group’s ransomware attacks.
