The Department of Justice recently announced a “disruption campaign” against the Blackcat ransomware group (aka ALPHV or Noberus), including seizing the group’s darknet website and releasing a decryption tool for victim entities to recover their systems.
Responding in kind, Blackcat “unseized” its darknet site and threatened to expand its range of targets to include hospitals, nuclear power plants, and critical infrastructure. In a statement translated from Russian to English by several cyber news outlets, the Blackcat group stated, “Because of their actions, we are introducing new rules, or rather, we are removing ALL rules, except one, you cannot touch the CIS (critical infrastructure sectors), you can now block hospitals, nuclear power plants, anything, anywhere.”
Healthcare and public business entities (and their respective service providers) should heed this warning. The ransomware group also claims it will notify the SEC and the HHS in the event of no initial contact by the victim entity. It has, in the past, lodged at least one complaint with the SEC based on the threat group’s claim that the victim did not report a significant incident.
More information about the malware, including technical information about indicators of compromise and recommendations to mitigate its effects, is available from the FBI at www.ic3.gov/Media/News/2022/220420.pdf.
Additional information regarding law enforcement’s ongoing investigation into Blackcat is available at www.justice.gov/media/1329536/dl?inline.