FBI, CISA, and HHS warn against ALPHV/BlackCat ransomware targeting US healthcare sector

The FBI, CISA, and the Department of Health and Human Services (HHS) have issued a joint advisory to healthcare organisations across the United States warning of targeted ransomware attacks orchestrated by the ALPHV/Blackcat group.

In the notice, the agencies alerted organisations to the escalating threat posed by ALPHV/Blackcat affiliates, who are particularly targeting the healthcare sector. This warning is the latest in a wave of notifications detailing the emergence of the BlackCat cybercrime gang; others include an FBI flash alert in April 2022 and an advisory in December 2023.

Since its inception in November 2021, the BlackCat group, suspected to be a rebrand of the DarkSide and BlackMatter ransomware gangs, has been linked to over 60 data breaches and has amassed a staggering $300 million in ransoms from more than 1,000 victims as of December 2023.

Most concerning is the recent surge in ransomware attacks against healthcare organisations, with the ALPHV/Blackcat group targeting hospitals in retaliation for operational disruptions and infrastructure crackdowns by international police forces. The agencies have underscored the urgent need for critical infrastructure organisations to implement robust mitigation measures against the risk of Blackcat ransomware attacks.

Today’s advisory comes in the wake of a cyberattack on UnitedHealth Group subsidiary Optum, leading to an ongoing outage affecting Change Healthcare, a pivotal payment exchange platform in the US healthcare system. Although UnitedHealth Group has refrained from confirming the BlackCat link, forensic experts investigating the incident have identified the group’s involvement.

The attack, exploiting the critical ScreenConnect authentication bypass vulnerability (CVE-2024-1709), underscores the urgent need for heightened vigilance and proactive measures to safeguard against ransomware threats.

While the FBI has taken steps to disrupt BlackCat’s operations, including dismantling its Tor negotiation and leak sites, the group persists. The State Department has offered substantial rewards for information leading to the identification or location of BlackCat leaders, emphasising the severity of the threat posed by ransomware groups.

Chainalysis issues the 2023 cryptocurrency crime report

Chainalysis, a private US company, is a leader in collecting and analysing transaction data from cryptocurrency blockchains. In its annual report on cryptocurrency-related crime, it points out that illicit cryptocurrency volumes reached all-time highs amid a surge in sanctions violations and hacking.

‘Overall, the share of all cryptocurrency activity associated with illicit activity has risen for the first time since 2019, from 0.12% in 2021 to 0.24% in 2022.’ The company assesses that the equivalent of $20.6B was used for illicit activities.

A large part of that sum comes from offences related to the economic sanctions on Russia. This shows that a strict sanctions regime is being effectively imposed on cryptocurrency exchanges by the US Department of the Treasury and international financial institutions. The report describes the methods used for money laundering and fund transfers. As a key takeaway, Chainalysis points out that the impact of crypto sanctions depends on the jurisdiction and on technical constraints.

Ransomware crypto payments

The report shows a decline in ransomware revenue from 2021. Chainalysis claims that ransomware victims increasingly refuse to pay the ransom, thereby pushing the criminals out of this scheme. The report states that “meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts”. In 2021, the US Office of Foreign Assets Control (OFAC) issued an advisory document about the risk of ‘sanctions violations’ that can arise from ransomware payments. OFAC advises all US companies to report ransomware to the FBI prior to taking any action. This is also considered to be one of the factors behind the drop in ransomware payments. In addition, ransomware lifespan is significantly shorter: from 470 days in 2019, it is down to 70 days in 2022.

Money laundering

The report notes a rise in money laundering activity from $14.2B in 2021 to $23.8B in 2022, and states that ‘underground money laundering services’ are a growing concern. Such groups use private channels on messaging apps to arrange private transactions that are hard to track.

Cryptocurrency scams

Cryptocurrency scams and the use of cryptocurrency on darknet markets are on the decline compared to previous years.

University student pleads guilty to cyberstalking

Iván Santell-Velázquez pleaded guilty to cyberstalking before United States District Court Judge Silvia Carreño-Coll. While studying at the University of Puerto Rico at Cayey, the defendant hacked 100 student email accounts and stole their personal information. Additionally, between 2019 and 2021, the defendant hacked the Snapchat accounts of several women studying at the University of Puerto Rico and harassed them by sharing their intimate pictures on Twitter and Facebook.

US Attorney Muldrow stated that this case shows how crucial it is to protect personal information, especially when dealing with suspicious SMS messages and emails. The sentencing hearing is expected to take place on October 12, 2022.

The British Army’s social media accounts were hacked

The British Army’s Twitter and YouTube accounts were hacked. The name of the Army’s Twitter account was changed, while videos about cryptocurrency and posts related to NFTs appeared on its feed. The British Army stated there is no evidence as to who may be behind the hacking of the accounts. The accounts have been restored while investigations into the hacks are still ongoing. An Army spokesperson stated that there will not be any further comment on the incident until the investigation is complete.