The FBI, along with CISA and the Department of Health and Human Services (HHS), has issued a stern warning to healthcare organizations in the United States regarding the escalating threat of ALPHV/Blackcat ransomware attacks. This advisory underscores the primary targeting of the healthcare sector by ALPHV Blackcat affiliates, emphasizing the urgency for heightened vigilance within the industry. Notably, the joint advisory follows previous alerts, including an April 2022 FBI flash alert and a December 2023 advisory, shedding light on BlackCat’s criminal activities since its emergence in November 2021, suspected to be a rebranding of DarkSide and BlackMatter ransomware groups.
The FBI’s investigation has linked the BlackCat gang to over 60 breaches within its initial four months of activity, with reported ransom earnings exceeding $300 million from over 1,000 victims until September 2023. Of particular concern is the healthcare sector’s vulnerability, as it has become the primary target since mid-December 2023, with nearly 70 leaked victims indicating a focused campaign against hospitals. This surge in attacks follows an administrator’s post within the ALPHV Blackcat group, urging affiliates to target healthcare facilities after operational setbacks in early December 2023.
In response to the heightened threat posed by Blackcat ransomware, the federal agencies advise critical infrastructure entities, particularly healthcare organizations, to implement robust mitigation measures. They stress the importance of cybersecurity safeguards tailored to counteract the evolving tactics, techniques, and procedures commonly deployed within the Healthcare and Public Health (HPH) sector. This advisory underscores the critical need for proactive measures to defend against ransomware attacks and data extortion incidents, given the relentless pursuit of healthcare organizations by cybercriminals affiliated with the BlackCat gang.
