Security News > 2024 > February > FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks
Today, the FBI, CISA, and the Department of Health and Human Services warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.
Today's warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailing the BlackCat cybercrime gang's activity since it surfaced in November 2021 as a suspected rebrand of the DarkSide and BlackMatter ransomware groups.
Today's advisory comes after the BlackCat ransomware operation was linked to a cyberattack on UnitedHealth Group subsidiary Optum that triggered an ongoing outage impacting Change Healthcare, the largest payment exchange platform connecting doctors, pharmacies, healthcare providers, and patients in the U.S. healthcare system.
BleepingComputer learned the attack had been linked to the BlackCat ransomware group by forensic experts investigating the incident and that the threat actors breached the network using the actively exploited critical ScreenConnect auth bypass vulnerability.
Even though the FBI, CISA, and the HHS didn't link today's advisory to the Change Healthcare incident, they shared indicators of compromise that confirm our reporting that the BlackCat ransomware gang is targeting vulnerable ScreenConnect servers for remote access into victim networks.
The U.S. State Department offers rewards of up to $10 million for details leading to the identification or location of BlackCat gang leaders and $5 million for tips on individuals linked to the group's ransomware attacks.
News URL
Related news
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)