2024-02-28
CISA Updates ALPHV Blackcat #StopRansomware Advisory
The US Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the Department of Health and Human Services (HHS) has released an update to their joint advisory about the ALPHV/Blackcat ransomware-as-a-service (RaaS). The new information includes new indicators of compromise, as well as associated tactics, techniques, and procedures. The ALPHV/Blackcat attacks have been focusing their attention on the healthcare sector, most recently the attack against Change Healthcare.
Editor's Note
The advisory was issued in response to recent healthcare-related ransomware incidents. But keep in mind that the same techniques are also used in other industries. They are not healthcare-specific.
Johannes Ullrich
Starts with four items to do today. While urgent, most will take longer than a day. I would add network segmentation to the list. Ransomware attacks exploit the ability to move laterally.
William Hugh Murray
The ransomware group Blackcat is an equal opportunity attacker, every industry sector is a target. While the advisory updates IoCs and attacker tactics, the best defense remains diligence in patch, configuration, and credential management.
Curtis Dukes
Read more in
CISA: #StopRansomware: ALPHV Blackcat
SC Magazine: ALPHV/BlackCat hits healthcare after retaliation threat, FBI says
Bleeping Computer: FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks
Health IT Security: Healthcare Faces Uncertainty Amid Change Healthcare Cyberattack