What’s happened?
The US authorities have warned healthcare organizations about the threat of being targeted by the ALPHV BlackCat ransomware after a surge in attacks.
I thought ALPHV BlackCat had been taken down by the cops?
Well remembered. Shortly before Christmas, the US Department of Justice (DOJ) announced that it had disrupted the gang’s operations and seized decryption keys to help hundreds of victims unlock their data without paying a ransom.
So what’s gone wrong?
I’m afraid ALPHV BlackCat came back.
In fact, within hours of the DOJ’s announcement, the ransomware gang said it had “unseized” its domain, threatened retaliation against countries that assisted in its takedown, and informed affiliates that they were now free to attack hospitals.
“Because of their actions, we are introducing new rules, or rather, we are removing ALL rules, except one, you cannot touch the CIS (critical infrastructure sectors), you can now block hospitals, nuclear power plants, anything, anywhere.”
So, they’re not playing nice anymore?
They never really “played nice.”
And according to an updated advisory published by the US Cybersecurity and Infrastructure Security Agency (CISA), healthcare has been the “most commonly victimized” sector by the ALPHV BlackCat ransomware gang since mid-December 2023.
Pharmacies in the US, including Walgreens and CVS Health, are among those affected. A ransomware attack against technology provider Change Healthcare is disrupting the ability of pharmacies to fulfil orders from patients who wish to pay for their medical prescriptions through their insurance.
ALPHV BlackCat claimed responsibility for the attack against Change Healthcare and said it stole 6TB worth of data.
So, if I can’t get hold of my meds it’s BlackCat’s fault?
Right.
What does the updated advisory say?
It’s worth reading even if you don’t work in healthcare – it’s not just hospitals and their suppliers that are at risk from ransomware attacks.
The advisory includes the most current known indicators of compromise (IOCs), and details of the techniques associated with the ALPHV BlackCat gang and its affiliates.
ALPHV BlackCat affiliates often use social engineering to gain initial access to a company’s network. For instance, the attackers have been known to pose as IT and helpdesk staff at the targeted company, using phone calls and SMS messages to trick unsuspecting employees into handing over login credentials.
Where can I read more about BlackCat?
In February 2022, we published an FAQ, “BlackCat ransomware – what you need to know”, which is a good place to start.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.