The FBI just issued an alert warning organizations about BlackCat/ALPHV ransomware as a service (RaaS) – the RaaS group has compromised at least 60 organizations worldwide since March alone.
Ransomware groups with names like BlackCat, Darkside/Blackmatter, REvil and Conti are among the most dangerous and prolific cyber thieves today. Other groups like FIN12, CLOP and Egregor are also wreaking havoc across sectors, including healthcare.
The Health Sector Cybersecurity Coordination Center (HC3) also published the FBI alert, noting that “many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter, indicating they have extensive networks and experience with ransomware operations. HC3 has noted at least two attacks on the Healthcare and Public Health Sector by this actor since December 2021.”
The FBI states:
“As of March 2022, BlackCat/ALPHV ransomware as a service (RaaS) had compromised at least 60 entities worldwide and is the first ransomware group to do so successfully using RUST, considered to be a more secure programming language that offers improved performance and reliable concurrent processing. BlackCat-affiliated threat actors typically request ransom payments of several million dollars in Bitcoin and Monero but have accepted ransom payments below the initial ransom demand amount. Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter, indicating they have extensive networks and experience with ransomware operations.”
Ransomware as a Service
Ransomware as a service (RaaS) is a business model that imitates the concept of Software as a Service (SaaS). It allows a ransomware developer to provide other cybercriminals with ready-made tools that execute ransomware scripts.
The original developer embeds the ransomware script into software and gives the software to the cybercriminal who carries out the attack. The developer then earns some percentage of the ransom payment.
Early on, most ransomware attacks were performed by individuals with special expertise in coding and application development. But the growth of ransomware as a service has multiplied the number of potential attackers, resulting in an exponential increase in ransomware frequency.
Prevent Ransomware Attacks
The single most important tactic to prevent ransomware attacks is a HIPAA Risk Analysis. A Risk Analysis is a comprehensive evaluation of every element required to maintain privacy and security of patient data. It is designed to uncover threats and provide steps to minimize those threats.
And because phishing through email continues to be the primary point of entry for cybersecurity attacks, cybersecurity awareness training is essential.
Each of the mitigation steps from the FBI listed below is addressed in the Security Rule Checklist provided in The HIPAA E-Tool®.
Among the mitigations the FBI recommends are:
- Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts.
- Regularly back up data, air gap*, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., hard drive, storage device, the cloud).
- Use multifactor authentication where possible.
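One way to carry out the first mitigation above (reviewing for new or unrecognized user accounts), as an added example that is not part of the FBI alert or The HIPAA E-Tool®: it compares an exported account inventory against an approved baseline and flags anything unrecognized or recently created. The CSV columns, host names, account names and dates are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample: an account inventory as an administrator might export it
# from a directory or from local machines (column names are assumptions).
SAMPLE_INVENTORY = """source,account,created_utc,enabled
DC01,jsmith,2021-06-14T09:12:00,true
DC01,svc_backup,2020-02-03T17:40:00,true
DC01,adm_temp7,2022-04-18T02:31:00,true
WS-114,helpdesk2,2022-04-19T03:05:00,true
WS-114,Guest,2019-01-01T00:00:00,false
"""

# Constructed baseline: (source, lowercase account) pairs the organization approved.
APPROVED = {("DC01", "jsmith"), ("DC01", "svc_backup"), ("WS-114", "guest")}


def review_accounts(inventory_csv, approved, now, new_within_days=30):
    """Return findings for accounts that are unrecognized or recently created."""
    cutoff = now - timedelta(days=new_within_days)
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = (row["source"].strip(), row["account"].strip().lower())
        created = datetime.fromisoformat(row["created_utc"]).replace(tzinfo=timezone.utc)
        reasons = []
        if key not in approved:
            reasons.append("unrecognized")
        if created >= cutoff:
            reasons.append("new")
        if reasons:
            findings.append({
                "source": key[0],
                "account": row["account"].strip(),
                "created": created.date().isoformat(),
                "enabled": row["enabled"].strip().lower() == "true",
                "reasons": reasons,
            })
    # Accounts with the most reasons first, then enabled ones, then oldest first.
    findings.sort(key=lambda f: (-len(f["reasons"]), not f["enabled"], f["created"]))
    return findings


if __name__ == "__main__":
    for f in review_accounts(SAMPLE_INVENTORY, APPROVED,
                             now=datetime(2022, 4, 25, tzinfo=timezone.utc)):
        print(f"{f['source']:7} {f['account']:12} created {f['created']} "
              f"enabled={f['enabled']} -> {', '.join(f['reasons'])}")
```

Each finding is a prompt for a person to confirm whether the account was requested and approved; the baseline itself needs to be kept somewhere the reviewed systems cannot modify.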
The FBI does not encourage paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.
If you need a kickstart to refresh your HIPAA compliance, set priorities or create some training, give us a call.
*An air gap is a security measure in which computers, computer systems or networks are not connected in any way to any other devices or networks – also known as an air wall. (from Techopedia)