HHS Cybersecurity Arm Issues Alert About BlackMatter Ransomware Group

The Department of Health and Human Services’ cybersecurity arm has warned the health and public health sector to be on high alert because of the emergence of the BlackMatter ransomware group.

In a detailed threat brief, the Health Sector Cybersecurity Coordination Center said BlackMatter operates by incorporating the best features of ransomware strains such as DarkSide, Lockbit 2.0 and REvil/Sodinokibi.

The emerging group, which HC3 believes to have originated in Eastern Europe, is seemingly financially motivated and claims to be honest and transparent when dealing with victims, saying in statements that it would never attack the same company twice, HealthITSecurity reported.

HC3 noted in the brief that BlackMatter has already attacked victims in the U.S., Brazil, Chile, India and Thailand, with a focus on the real estate, IT services, food and beverage, architecture, education and finance sectors.

While BlackMatter promised to steer clear of hospitals, critical infrastructure facilities, nonprofit companies, government, the defense industry, or the oil and gas industry, HC3 asserted that some of the group’s claims may not be accurate.

According to HC3, the ransomware group actively searches for initial access brokers to gain access to compromised networks for further exploitation. IABs are essential to ransomware operations as they sell credentials, VPN login information and web shells to ransomware groups.

“HC3 has observed at least 65 instances of threat actors selling network access to health care entities on hacking forums in the past year,” the brief warned.

To mitigate potential attacks by the group, HC3 advised health care organizations to have offline, encrypted data backups, maintain a cyber incident response plan and practice good cyber hygiene.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now