Summary:
CISA, the FBI, and the Department of Human Services have released a joint advisory warning about the resurgence of BlackCat ransomware. Since December 2023, this group has compromised 70+ victims, the majority of which reside in the healthcare sector. The development comes after one of ALPHV BlackCat’s administrators made a post encouraging affiliates to target hospitals after law enforcement’s takedown of the ransomware group’s infrastructure in early December 2023. As a way to help organizations defend against potential BlackCat attacks, the agencies have released updated details on the group including IOCs which can be accessed down below:

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a

Security Officer Comments:
Despite law enforcement takedown efforts, ransomware groups like BlackCat and more recently LockBit have been quick to resume their normal operations as if nothing happened. The uptick in targeting of the healthcare sector is likely a form of retaliation by BlackCat after having its infrastructure targeted by law enforcement. Given that entities within the healthcare sector deal with patient data on a daily basis which includes sensitive PII information, BlackCat actors are hoping to secure a high number of ransom payments from victims as a way to recover from the latest takedown.

Suggested Corrections:
The agencies recommend organizations to:

• Routinely take inventory of assets and data to identify authorized and unauthorized devices and software.
• Prioritize remediation of known exploited vulnerabilities.
• Enable and enforce multifactor authentication with strong passwords.
• Close unused ports and remove applications not deemed necessary for day-to-day operations.

Link(s):
https://thehackernews.com/2024/02/fbi-warns-us-healthcare-sector-of.html