The all in one place for non-profit security aid.
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million.
FBI, CISA warns Of ALPHV Blackcat Ransomware Attacking Hospitals
[[{“value”:”
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) have issued a joint advisory warning about the ALPHV Blackcat ransomware.
This ransomware-as-a-service (RaaS) has been identified through FBI investigations as targeting the healthcare sector with increased frequency since mid-December 2023.
You can analyze a malware file, network, module, and registry activity with the ANY.RUN malware sandbox, and the Threat Intelligence Lookup that will let you interact with the OS directly from the browser.
ALPHV Blackcat actors have adapted their communication methods, creating victim-specific emails to notify them of the initial compromise.
The ransomware group has been linked to over 60 breaches in its first four months of activity, with many victims being healthcare organizations.
The advisory updates previous alerts from April 2022 and December 2023, noting the ransomware’s evolution and the introduction of the ALPHV Blackcat Ransomware 2.0 Sphynx update in February 2023.
This update has enabled the ransomware to encrypt Windows and Linux devices and VMWare instances and has provided affiliates with better defense evasion and additional tooling.
The ransomware affiliates use advanced social engineering, posing as IT or helpdesk staff to gain network access.
They deploy remote access software and use various techniques for domain access, data exfiltration, and lateral movement within the network. After installing the ransomware, they allow listed applications and clear logs to evade detection.
The FBI, CISA, and HHS have recommended a series of mitigations to improve cybersecurity posture and reduce the risk of compromise by ALPHV Blackcat threat actors.
These include securing remote access tools, implementing phishing-resistant multifactor authentication (MFA), and user training on social engineering and phishing attacks.
In the event of a compromise, organizations are advised to quarantine affected hosts, reimage compromised systems, provision new account credentials, and report the incident to CISA or the FBI’s Internet Crime Complaint Center (IC3).
The FBI has also developed a decryption tool to assist victims in restoring their systems.
The Department of Justice has launched a disruption campaign against the ransomware group, which has targeted over 1,000 victims, including critical U.S. infrastructure.
The FBI has worked with affected victims to implement a decryption tool, saving them from approximately $68 million in ransom demands.
The joint advisory underscores the severe threat of ALPHV Blackcat ransomware, particularly to the healthcare sector.
It is a call to action for organizations to implement recommended cybersecurity measures and to report any incidents to facilitate law enforcement’s efforts to disrupt the activities of this ransomware group.
MD5DescriptionFile Name944153fb9692634d6c70899b83676575ALPHV Windows Encryptor efc80697aa58ab03a10d02a8b00ee740c90abb4bbbfe7289de6ab1f374d0bcbeALPHV Linux Encryptor 341d43d4d5c2e526cadd88ae8da70c1cAnti Virus Tools Killer363.sys34aac5719824e5f13b80d6fe23cbfa07CobaltStrike BEACONLMtool.exeeea9ab1f36394769d65909f6ae81834bCobaltStrike BEACONInfo.exe379bf8c60b091974f856f08475a03b04ALPHV Linux Encryptorhimebca4398e949286cb7f7f6c68c28e838SimpleHelp Remote Management toolfirst.exec04c386b945ccc04627d1a885b500edfTunneler Toolconhost.exe824d0e31fd08220a25c06baee1044818Anti Virus Tools KilleribmModule.dll
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post FBI, CISA warns Of ALPHV Blackcat Ransomware Attacking Hospitals appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code
GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers […] Read More
BleepingComputer
Tor Project removes relays because of for-profit, risky activity
The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users. […] Read More
BleepingComputer