“Eating words has never given me indigestion.”
— Winston Churchill
Top Story
Finally, the Health Sector Cybersecurity Coordination Center (HC3) is releasing more information about two top-tier ransomware operations, BlackCat and Royal. Both pose a severe threat to healthcare and the public health sector.
The Background Info
In 2021 and the beginning of 2022, Conti was the largest professional ransomware-as-a-service (RaaS) operation. The operation was disbanded in 2022, but its members are still active and are now spread among multiple smaller organizations. These smaller organizations are harder to track, more agile, and attract less attention from law enforcement.
Details on BlackCat
BlackCat, also known as ALPHV, was first noticed in November of 2021. It is thought to be the successor of the Darkside/BlackMatter ransomware, and the admin of BlackCat is believed to be a former member of REvil. BlackCat is a RaaS operation that engages in triple extortion: data theft, file encryption, and distributed denial-of-service attacks on victims. The group leaks stolen data on a data leak site and conducts attacks when victims have not paid the ransom. BlackCat mainly targets US organizations. BlackCat has a rule prohibiting attacks on hospitals, medical institutions, and ambulance services, but private clinics and pharmaceutical companies are not off-limits. While these rules exist, they are not set in stone or necessarily always followed. This group conducted attacks on 60 organizations in the first 4 months after being detected.
Details on Royal
Royal was first detected in early 2022. This group is similar to BlackCat but still has former Conti members in it. Royal was using the same encryption as BlackCat but has now switched to its own. Royal is the most active ransomware operation. They engage in more than double the number of extortion tactics, involving data theft, file encryption, and threats to publish data. Royal often conducts callback phishing attacks to gain access to networks. These start with an email containing a phone number. The victim is convinced to call the number, and the call is used to gain access to the victim's device. The group also attacks using an encryptor that poses as healthcare patient data software. The healthcare industry is not off limits to Royal, which poses a great threat to Health Promoting Hospitals.
So Where Are We at With Prevention?
HC3 has released detailed information for network defenders on the techniques and procedures being used, as well as Indicators of Compromise, YARA rules, and recommended mitigations.
Diamond of the Week
BioTech 💎
There could be a new vaccine to prevent cancer! BioTech is in the process of perfecting an mRNA vaccine that could prevent cancer, and they are projecting to have the vaccine approved before 2030. The vaccine stems from the same technology that was used in many of the COVID-19 vaccines. To read more on this amazing medical innovation, click here.
Who’s the WOAT
TikTok 😡
It is no secret that TikTok is a powerful platform. As people continue to show off their extreme weight loss on the platform, the drug Ozempic is now one more pharmaceutical to add to the shortage list. Many Type 2 diabetes patients, as well as patients facing obesity, rely on this product. To find out more about the shortage, and how this drug has gained immense popularity for weight loss, click here.
Who Knew
The misconception: Help to comply with HIPAA requirements is not easily accessible.
False! Websites such as the HHS website and the OCR’s website are available at no cost. Many medical societies and academies offer documents and materials at low cost. In addition, there are companies that specialize in helping covered entities stay HIPAA compliant. There are even more resources for individuals wanting more information on HIPAA requirements, such as speaking with a Privacy Officer.
A Round of Applause For…
Carosh’s Director of Digital Marketing Olha Vakuliuk 👏
Olha recently earned her Master’s Degree! Quite an achievement, congratulations Olha!
Sources:
- Alder, Steve. “HC3 Shares Intelligence on BlackCat and Royal Ransomware Operations.” The HIPAA Journal, 6 Jan. 2023, www.hipaajournal.com/hc3-intelligence-blackcat-royal-ransomware-operations/. Accessed 1 Apr. 2023.
- Carosh Compliance Solutions, 10769 Broadway #106, Crown Point, IN, 46307