DoD Cyber Security Blogs: BlackCat Ransomware

Healthcare under siege: The Week in Ransomware- March 1st, 2024

In the last few months, ransomware attacks on healthcare have been rampant, with numerous attacks aimed at hospitals and medical facilities in the United States, disrupting patient care and blocking access to prescription drugs.

The attack on Change Healthcare, a UnitedHealth Group subsidiary, has had the biggest impact so far in 2024, with significant effects across the US healthcare system. The BlackCat ransomware operation was later linked to this attack, and UnitedHealth confirmed that the group was responsible for it.

In the US healthcare system, doctors, pharmacists, and hospitals use an electronic payment exchange service called Change Healthcare to submit billing claims.

The attack has caused significant service disruptions, hitting pharmacies especially hard because they cannot process payment claims for customers picking up prescription medications.

Because of this disruption, patients have been forced to pay full price for their medications until the issue is resolved. Some medications cost thousands of dollars, which puts them out of reach for many people.

In addition, the BlackCat ransomware operation, also known as ALPHV, claims to have stolen 6TB of Change Healthcare's data during the attack, which it says includes the personal data of millions of people.

Following the attack, the FBI, CISA, and HHS issued a joint advisory warning about BlackCat attacks on hospitals.

American Hospital Association (AHA) President and CEO Rick Pollack called it the most serious incident of its kind committed against the U.S. health care system.

As a result of a protracted disruption of Change Healthcare's systems, some hospitals and health systems may not be able to pay salaries for clinicians and other members of the care team, purchase the necessary medicines and supplies, or pay for mission-critical contract work in areas like physical security, dietary, and environmental services. We will continue to discuss these efforts with UnitedHealth Group and the federal government. – Rick Pollack of AHA.

Another ransomware operation known for its attacks on healthcare, Rhysida, has hit a new low by attempting to sell the patient data it stole from Lurie Children's Hospital in Chicago.

LockBit, another ransomware operation that targets healthcare, was the subject of a law enforcement action last week, Operation Cronos, in which police seized its servers, data, and decryptors.

However, LockBit has since brought up new servers and infrastructure, promising to improve its security so that a takedown of this scale cannot happen again.

Unfortunately, BleepingComputer has already seen indications that some affiliates are conducting attacks again, although at a slower rate than before the law enforcement operation.

Despite this, many believe LockBit will soon lose its footing, as its reputation has been damaged and the cybercrime community has lost faith in the operation.

In other news, an extortion group called Mogilevich claims to have stolen 189 GB of data from Epic Games, including source code. However, Epic Games told BleepingComputer that there is "no evidence" that it was attacked.

Additionally, two other ransomware gangs, Black Basta and Bl00dy, have jumped aboard the ScreenConnect RCE vulnerability exploitation train.

Contributors and those who provided new ransomware stories this week include: @pcrisk, @seifreed, @serghei, @fwosar, @billtoulas, @LawrenceAbrams, @Threatlabz, @DarkWebInformer, @a_greenberg, @brettcallow, @jon__d

February 25th, 2024

LockBit ransomware returns and restores its servers after police disruption

Less than a week after law enforcement hacked its servers, the LockBit gang is relaunching its ransomware operation on new infrastructure and is threatening to focus more of its attacks on the government sector.

February 26th, 2024

BlackCat ransomware linked to hack of UnitedHealth subsidiary Optum

Sources with knowledge of the investigation linked the BlackCat ransomware group to a cyberattack on UnitedHealth Group subsidiary Optum that resulted in an ongoing outage affecting the Change Healthcare payment exchange platform.

Abyss Locker – Ransomware Roundup

This edition of the Ransomware Roundup covers the Abyss Locker (AbyssLocker) ransomware.

February 27th, 2024

FBI and CISA warn US hospitals of targeted BlackCat ransomware attacks

The FBI, CISA, and the US Department of Health and Human Services (HHS) issued a warning today about targeted ALPHV/BlackCat ransomware attacks.

Ransomware gangs known as Black Basta and Bl00dy join ScreenConnect attacks

The Black Basta and Bl00dy ransomware gangs have joined a string of attacks targeting ScreenConnect servers that remain unpatched against a maximum-severity authentication bypass vulnerability.

Hessen Consumer Center says its systems were encrypted by ransomware

A ransomware attack has hit the Hessen Consumer Center in Germany, temporarily shutting down its IT systems and disrupting its services.

New Mallox ransomware variant

PCrisk discovered a new Mallox ransomware variant that appends the .ma1x0 extension and drops a ransom note titled HOW TO RESTORE FILES.txt.

February 28th, 2024

Epic Games: "Zero evidence" we were hacked by the Mogilevich gang

After the Mogilevich extortion group claimed to have breached its servers, Epic Games said it found no evidence of a cyberattack or data theft.

LockBit ransomware resumes attacks with new encryptors and servers

Following last week's disruption by law enforcement, the LockBit ransomware gang is once again launching attacks, using updated encryptors and ransom notes that link to new servers.

Ransomware gang claims to have stolen 6TB of Change Healthcare data

The BlackCat/ALPHV ransomware gang has officially claimed responsibility for the cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which caused an ongoing outage affecting the Change Healthcare platform.

Rhysida ransomware demands $3.6 million for stolen children's data

The cyberattack on Lurie Children's Hospital in Chicago at the start of the month was carried out by the Rhysida ransomware gang.

February 29th, 2024

StopRansomware: Phobos Ransomware

This joint CSA is being distributed by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024, according to open source reporting. Phobos is structured as a ransomware-as-a-service (RaaS) model. Since May 2019, the MS-ISAC has received regular reports of Phobos ransomware incidents affecting state, local, tribal, and territorial (SLTT) governments. These incidents have successfully targeted municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure entities, extorting ransoms of several million U.S. dollars.

Ransomware Leak: The Mysterious Case of the Missing Trump Trial

This week, the notorious LockBit ransomware gang threatened to leak documents from the criminal prosecution of a former president and presidential candidate, which would have been a first even for a criminal industry that has devastated hospitals and shut down a gas pipeline.

The threat then vanished without explanation, leaving behind many unanswered questions.

New Frea ransomware

PCrisk discovered a new ransomware that appends the .frea extension and drops a ransom note named oku.txt.

March 1st, 2024

Anatomy of an ALPHA SPIDER ransomware attack

Alphv ransomware as a service, which first appeared in December 2021, is notable for being the first RaaS written in the Rust programming language. The Alphv RaaS offers ransomware variants that target multiple operating systems, a highly customizable variant that is rebuilt every hour to evade antivirus tooling, a searchable database hosted on a clear web domain as well as on the adversary's dedicated leak site (DLS), and a Bitcoin mixer integrated into the affiliate panel.

Unisys: Source code was "exfiltrated" during a 2022 cyberattack

Alphv/BlackCat briefly claimed, for less than an hour, to have stolen source code from Unisys in a cyberattack. A review of the company's regulatory filings reveals that the incident did in fact take place.

New Xorist variants

New Xorist ransomware variants append the .WoXoTo or .RSA-4096 extension and drop a ransom note titled HOW TO DECRYPT FILES.txt.
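The Mallox, Frea, and Xorist items above each give two file-system indicators: the extension appended to encrypted files and the ransom note dropped alongside them. The following script is an added example (not code from this roundup, PCrisk, or any vendor) that sweeps a list of file paths or a directory tree for those indicators and summarises hits per family, treating a ransom note as a stronger signal than a single renamed file. The indicator table is built only from the extensions and note names quoted on this page, the file listing is constructed sample data, and the function names are this example's own.

```python
"""
Ransomware indicator sweep for the file-extension and ransom-note indicators
reported in this roundup (Mallox .ma1x0 + HOW TO RESTORE FILES.txt,
Frea .frea + oku.txt, Xorist .WoXoTo / .RSA-4096 + HOW TO DECRYPT FILES.txt).
Added example: the indicator table is taken from the page's text; the sample
paths below are constructed, not real telemetry.
"""
import os
from collections import Counter
from typing import Iterable, Optional, Tuple

# Indicator table (assumed mapping built from the page). Extensions are
# compared case-insensitively; ransom notes are matched on the basename.
INDICATORS = {
    "Mallox": {"extensions": {".ma1x0"}, "notes": {"how to restore files.txt"}},
    "Frea":   {"extensions": {".frea"},  "notes": {"oku.txt"}},
    "Xorist": {"extensions": {".woxoto", ".rsa-4096"}, "notes": {"how to decrypt files.txt"}},
}


def _basename(path: str) -> str:
    """Basename that works for both Windows and POSIX separators, so a
    Windows listing can be analysed on a Linux forensic workstation."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def classify_path(path: str) -> Optional[Tuple[str, str]]:
    """Return (family, kind) if the path matches an indicator, else None.
    kind is 'ransom_note' or 'encrypted_file'."""
    name = _basename(path).lower()
    ext = name[name.rfind("."):] if "." in name else ""
    for family, ind in INDICATORS.items():
        if name in ind["notes"]:
            return family, "ransom_note"
        if ext in ind["extensions"]:
            return family, "encrypted_file"
    return None


def scan_paths(paths: Iterable[str]) -> dict:
    """Classify every path and tally hits per family.
    Returns {'hits': [(path, family, kind), ...], 'counts': {family: {kind: n}}}."""
    hits = []
    counts = {}
    for p in paths:
        match = classify_path(p)
        if match:
            family, kind = match
            hits.append((p, family, kind))
            counts.setdefault(family, Counter())[kind] += 1
    return {"hits": hits, "counts": {f: dict(c) for f, c in counts.items()}}


def scan_directory(root: str) -> dict:
    """Walk a real directory tree (e.g. a mounted image) and run the same scan."""
    def walk():
        for dirpath, _, filenames in os.walk(root):
            for fn in filenames:
                yield os.path.join(dirpath, fn)
    return scan_paths(walk())


def suspected_families(result: dict, min_encrypted: int = 1) -> list:
    """Families with at least one ransom note OR at least min_encrypted renamed
    files. A note alone is a strong signal; one odd extension may be noise,
    so a caller can raise min_encrypted to reduce false positives."""
    out = []
    for family, c in result["counts"].items():
        if c.get("ransom_note", 0) >= 1 or c.get("encrypted_file", 0) >= min_encrypted:
            out.append(family)
    return sorted(out)


# Constructed sample listing (not real telemetry) to exercise the scan offline.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.ma1x0",
    r"C:\Users\alice\Documents\HOW TO RESTORE FILES.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.ma1x0",
    r"D:\share\report.docx.frea",
    r"D:\share\oku.txt",
    r"E:\backup\archive.zip.RSA-4096",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\alice\readme.txt",
]

if __name__ == "__main__":
    result = scan_paths(SAMPLE_PATHS)
    for path, family, kind in result["hits"]:
        print(f"{family:7s} {kind:15s} {path}")
    print("suspected families:", suspected_families(result))
```

On the constructed listing the scan flags six paths and reports Mallox, Frea, and Xorist as suspected; raising `min_encrypted` to 2 drops Xorist, whose only hit is a single renamed file without a note. Point `scan_directory` at a mounted disk image or a file share export to run the same rules over real data.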

That concludes this week! Hope everyone had a good weekend!
