HHS cybersecurity arm warns against BlackMatter ransomware

Although the group claims to not target hospitals, HC3 says healthcare organizations should still be on alert.
By Kat Jercich
11:47 AM

The Health Sector Cybersecurity Coordination Center has released a warning about BlackMatter, a newly surfaced ransomware that the agency called "highly sophisticated" and "financially motivated."

The issue brief, released by the U.S. Department of Health and Human Services' cybersecurity arm, included claims from BlackMatter representatives that they would not attack hospitals.   

In fact, if an entity like a hospital or nonprofit company is attacked, they can ask for free decryption, according to the hacker group.  

Still, HC3 cautioned, "these details are what BlackMatter claims to be, and may not be accurate."  

WHY IT MATTERS  

BlackMatter represents yet another ransomware gang to emerge onto the scene in the wake of REvil, which suddenly disappeared this summer (only to resurface this week).

The group claims the ransomware development took six months and includes the "best features of LockBit, REvil, and Darkside," according to HC3. HC3 said the group is Russian speaking and likely Eastern European in origin.   

Its targeted countries include the United States, India, Brazil, Chile and Thailand, with the list growing. Attacks have already been carried out in the United States against legal, architecture and real estate industry stakeholders.

HC3 included best practices that can be used to mitigate BlackMatter, including providing social engineering and phishing training to employees; keeping patches up to date; implementing spam filters at email gateways; and blocking suspicious IP addresses at firewalls.

It also suggested implementing whitelisting technology, access control and anti-malware solutions, as well as ensuring proper configurations.

Importantly, the agency classified BlackMatter's threat to the healthcare sector as "elevated."  

"While there have not been any public healthcare victims yet, BlackMatter’s suspected predecessors targeted the healthcare sector," it said.  

THE LARGER TREND

Federal agencies have issued several warnings in the past year as new families of ransomware have surfaced.  

In May, the Federal Bureau of Investigation released a bulletin outlining a pattern of Conti ransomware attacks targeting U.S. healthcare and first-responder networks. And just this past month, the FBI issued a similar alert about Hive, a ransomware gang reportedly responsible for the attack on Memorial Health System in August.

ON THE RECORD  

"Organizations should remain on alert despite the group’s claims to not target healthcare," said HC3 in the issue brief.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.