FBI warns US hospitals they may be hit by BlackCat ransomware, so be on their guard


The Cybersecurity and Infrastructure Security Agency (CISA), together with the FBI and the US Department of Health and Human Services (HHS), is warning hospitals and other healthcare organizations in the country to be wary of ALPHV (BlackCat).

Earlier this week, the security agencies updated their advisory that helps organizations combat ransomware, saying that since mid-December 2023 the ALPHV ransomware operators (also known as BlackCat) have mostly been targeting firms in the healthcare sector.

In the last three months, almost 70 organizations have had their data leaked on the dark web, most of which were hospitals and healthcare firms.

Change Healthcare attack a warning

The advisory says that the threat actors are improving their communications with victims by creating custom emails to notify them of the initial compromise.

Furthermore, the group has recently moved its encryption software to the 2.0 Sphynx update, which gives affiliates additional features, including better defense evasion and additional tooling.

“This ALPHV BlackCat update has the capability to encrypt both Windows and Linux devices, and VMWare instances. ALPHV BlackCat affiliates have extensive networks and experience with ransomware and data extortion operations,” the advisory reads.

Hospitals are urged to take the necessary mitigation measures to reduce the chances of falling prey to ransomware attacks.

Earlier this month, US health tech giant Change Healthcare suffered a ransomware attack, which was later confirmed to have originated from BlackCat.

The company recently posted a short announcement on its status update website, saying some applications were unavailable due to a “cyber security issue”. The incident forced parts of the company’s infrastructure offline, and some login pages were unavailable, leaving some users unable to access their prescriptions. 

TechCrunch disclosed that the attack was indeed ransomware, undertaken by ALPHV (BlackCat), citing a “healthcare executive with knowledge of the incident, who was on the call briefed by the company’s executives.”

Next to LockBit and Cl0p, BlackCat is one of the world’s most prolific ransomware operators.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.