Security News

Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. The most impactful attack of 2024 so far is the attack on UnitedHealth Group's subsidiary Change Healthcare, which has had significant consequences for the US healthcare system. To make matters worse, the BlackCat ransomware operation, aka ALPHV, claims to have stolen 6TB of data from Change Healthcare during the attack, containing the personal information of millions of people.

There appears to be an uptick in interest among cybercriminals in infostealers - malware designed to swipe online account passwords, financial info, and other sensitive data from infected PCs - as a relatively cheap and easy way to get a foothold in organizations' IT environments to deploy devastating ransomware. If ransomware crews don't want to deploy infostealers themselves, they have the option of paying for copies of credentials harvested from countless infected PCs and exploiting them to get into networks where they can run their extortionware, which might exfiltrate documents, encrypt data, demand a ransom to end the pain, and so on.

The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month. Today, the Rhysida ransomware gang has listed Lurie Children's on its extortion portal on the dark web, claiming to have stolen 600 GB of data from the hospital.

The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group, which led to an ongoing outage affecting the Change Healthcare platform. Change Healthcare is the largest payment exchange platform used by more than 70,000 pharmacies across the United States.

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. Last week, the NCA, FBI, and Europol conducted a coordinated disruption called 'Operation Cronos' against the LockBit ransomware operation.

The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70...

Today, the FBI, CISA, and the Department of Health and Human Services warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. Today's warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailing the BlackCat cybercrime gang's activity since it surfaced in November 2021 as a suspected rebrand of the DarkSide and BlackMatter ransomware groups.

The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. The company removed all license restrictions last week so customers with expired licenses can secure their servers from ongoing attacks given that these two security bugs impact all ScreenConnect versions.

The story has been updated to clarify that the Hessen Consumer Center is not part of the government. The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability.

The German state of Hessen has been hit with a ransomware attack, causing the government to shut down IT systems and disrupting the availability of its consumer advice center. Hessen is a state in central Germany with over six million people that encompasses Frankfurt, the country's second-largest metropolitan area and a major financial center.