BlackCat Archives

Healthcare Industry Rocked by Major Hack

ALPHV, auto updates, Backup Strategies, BlackCat, Hackers, identify phishing, Ophtek, RansomwareALPHV, backup data, BlackCat, hackers, Ophtek, phishing, ransomware, updatesOphtek, LLC

Apr 2024

Healthcare data is some of the most sensitive data in existence, but a major hack has just affected up to 15 billion records.

Change Healthcare, who provide revenue and payment services for healthcare providers and patients, has announced that its systems have been compromised by threat actors. With Change Healthcare processing around 15 billion transactions a year, this represents a major attack. And the impact has already been felt. Healthcare providers have been struggling to charge for their services, while patients have been struggling to get their prescriptions issued. It’s a nightmare scenario for all involved and underlines the effect malware can have.

How Did Change Healthcare Get Hacked?

The precise details of how Change Healthcare was hacked has not, as yet, been revealed. However, we do know it was carried out by a ransomware group which goes by the names of ALPHV or BlackCat. Naturally, their trademark attack style involves ransomware, and it’s most likely that this was utilized in the Change Healthcare attack. With ransomware typically encrypting data, this is highly damaging for any service handling healthcare data. By encrypting patient records, the hackers would be severing a crucial flow of information.

The attack came on the 21^st February 2024, and Change Healthcare took down their systems on the same day. A week later, BlackCat announced they had been behind the attack. Details of a $22 million payment to the ransomware groups have also been revealed, although Change Healthcare are yet to confirm this was made by themselves. Prescription claim submissions and payment systems have recently been reinstated by Change Healthcare, but full access to their systems is unlikely to be restored until mid-March.

Who is BlackCat?

BlackCat has been active online since 2021 and, since then, has launched a series of audacious attacks. The group was linked to the Colonial Pipeline ransomware attack in 2021, and it also took responsibility for the MGM Casino attack in 2023. Headlines such as these didn’t go unnoticed, and in December 2023, the US Department of Justice set about disrupting BlackCat’s activities. Clearly, though, the resulting Change Healthcare attack has demonstrated how BlackCat was unharmed by this resistance.

Staying Safe from Ransomware

The threat of ransomware is well known, but the Change Healthcare attack is a big deal and acts as an important reminder to stay vigilant. With this in mind, we’re going to show you the best ways to stay safe from ransomware:

Regular software updates: ransomware often takes control of IT infrastructures due to software vulnerabilities. Accordingly, you need to make sure automatic updates are activated on your operating system. This ensures your software is updated as soon as an update is available, preventing you from running a network with open doors for threat actors.
Employee training: your employees are one of your most powerful forms of defense against ransomware threats. Therefore, regular training on cybersecurity threats such as identifying phishing emails, malicious websites, and understanding how to report cybersecurity incidents is vital. With this in place, you can rest assured your network is as secure as possible.
Regular, isolated backups: you need to regularly back up critical data and ensure that backups are stored in a secure, isolated location. Automated backup solutions can help ensure consistency and reliability in the event of your data being encrypted by ransomware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Major US Casinos Hit by Ransomware

BlackCat, educate team, MGM, Ophtek, Phishing, protection, Ransomware-as-a-Service, social engineeringBlackCat, educate team, MGM, Ophtek, phishing, protection, ransomware as a service, social engineeringOphtek, LLC

Nov 2023

A major ransomware attack on the MGM brand of casinos has led to the firm’s IT systems having to be shut down.

The ransomware-as-a-service hacking group BlackCat has taken responsibility for the attack, and it’s an attack which has caused major issues for MGM. IT systems responsible for processing electronic payments, digital key cards, parking systems and ATMs have all been impacted by this attack. While the attack is considered major, it was executed by the simplest of means. As ever, this attack on MGM contains some important lessons for organizations to learn and enforce.

How Were the MGM Casinos Hacked?

The MGM attack was made possible by the use of social engineering techniques. In particular, BlackCat identified an MGM employee by scouring related profiles on LinkedIn. With this information at their disposal, the threat actors contacted the MGM help desk and used this employee’s details as their way into the system. The exact nature of the breach, for security reasons, has not been disclosed, but it’s believed that it only took 10 minutes for BlackCat’s strategy to be successful.

BlackCat, with full access to MGM’s IT infrastructure, set about issuing demands to MGM through a secure communication channel they had put in place. However, MGM refused to pay any of the ransom fees demanded by BlackCat. Instead, on the recommendations of their security team, MGM began shutting their Okta servers – used for authorization processes – down.

However, BlackCat were able to remain active on the network due to the administrator privileges that they had gained during the attack. And, in response, BlackCat set about compromising over 100 hypervisors – applications which are used to manage virtual machines located on a PC – and encrypting the data contained on them.

BlackCat, again, brought their ransom demand to the table and also threatened to launch further attacks if this was not met.

How Could MGM Have Protected Their IT Systems?

As a thriving, world-famous organization, MGM could have done without the headlines relating to the attack by BlackCat. And, as with all social engineering attacks, this could have easily been avoided if MGM had practiced the following:

Be skeptical: unsolicited requests for information should always be treated with caution. If personal information is being requested, then always question the person, even if they appear to be legitimate, asking for the information. More importantly, take steps to verify their identity through official channels to confirm their authenticity.
Educate your team: it’s important that you familiarize your team with the most common social engineering tactics such as phishing emails and baiting. Awareness of these techniques will allow your staff to recognize these manipulative techniques before they can execute their malicious payloads.
Protect personal information: it’s crucial that you always protect sensitive data such as passwords, financial details, and personal identification. Avoid sharing such information with strangers or unverified individuals, such as on social media sites – as social engineers often harvest these channels to discover vulnerabilities.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Tag Archives: BlackCat