FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (Security News, February 2024)

Today, the FBI, CISA, and the Department of Health and Human Services warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.
Today's warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailing the BlackCat cybercrime gang's activity since it surfaced in November 2021 as a suspected rebrand of the DarkSide and BlackMatter ransomware groups.
Today's advisory comes after the BlackCat ransomware operation was linked to a cyberattack on UnitedHealth Group subsidiary Optum that triggered an ongoing outage impacting Change Healthcare, the largest payment exchange platform connecting doctors, pharmacies, healthcare providers, and patients in the U.S. healthcare system.
BleepingComputer learned the attack had been linked to the BlackCat ransomware group by forensic experts investigating the incident and that the threat actors breached the network using the actively exploited critical ScreenConnect auth bypass vulnerability.
Even though the FBI, CISA, and the HHS didn't link today's advisory to the Change Healthcare incident, they shared indicators of compromise that confirm our reporting that the BlackCat ransomware gang is targeting vulnerable ScreenConnect servers for remote access into victim networks.
The U.S. State Department offers rewards of up to $10 million for details leading to the identification or location of BlackCat gang leaders and $5 million for tips on individuals linked to the group's ransomware attacks.