US warned about ALPHV ransomware group and its target on healthcare sector

The cyberattack is connected to the ALPHV/Blackcat ransomware group

The notorious ALPHV/Blackcat ransomware group has resurfaced following an FBI takedown, targeting an increasing number of healthcare providers. The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Tuesday, highlighting the group's return after federal authorities dismantled its websites and servers in December. According to the agencies, since mid-December 2023, the healthcare sector has become the primary target, likely due to an administrator's directive urging affiliates to focus on hospitals after the group's operational disruption. This resurgence indicates ALPHV's intent to retaliate by striking critical infrastructure within the US. The FBI issued the alert amidst reports of a cyberattack on Change Healthcare, disrupting prescription processing across pharmacies nationwide. The attack has been attributed to the ALPHV/Blackcat group, as per Reuters.

Compounding the challenge is the apparent base of many ransomware hackers in Russia, a nation known for its reluctance to extradite suspected cybercriminals to the US. In response to ALPHV's tactics, the FBI cautions against the group's use of impersonation techniques, including posing as IT help desk personnel to obtain login credentials. While Change Healthcare's parent company, UnitedHealth Group, has yet to confirm ALPHV's involvement in the cyberattack, the impact has been substantial, prompting modifications to electronic claim processing across a significant portion of the nation's pharmacies. Meanwhile, ALPHV has publicly claimed responsibility for the Change Healthcare attack on its website, underscoring the ongoing challenges posed by ransomware threats in the cybersecurity landscape.