LockBit Latest Variant LockBit 3.0, With BlackMatter Capabilities

HC3 believes BlackCat will continue to exploit healthcare in the foreseeable future.

 

The healthcare sector's cybersecurity intelligence teams have been asked to review the IOCs and advised to take proactive steps against the BlackCat and LockBit 3.0 ransomware variants, which are rampantly targeting the healthcare sector.

On 2nd December, the Department of Health and Human Services Cybersecurity Coordination Center published two new research analyst notes in which it explained and issued alerts against four ransomware variants, namely Venus, Hive, Lorenz, and Royal.

Data from past attacks suggests that well-practiced, properly prepared plans and a clear understanding of the attack are crucial to a successful ransomware response. For the BlackCat and LockBit 3.0 threats in particular, it is highly recommended that the healthcare sector's response to such attacks be planned and proactive.

“BlackCat can also clear the Recycle Bin, connect to a Microsoft cluster and scan for network devices. It also uses the Windows Restart,” according to the issued alert.

As per the data, healthcare is among the most targeted industries; the pharmaceutical sector, for example, is constantly targeted by hackers. HC3 believes BlackCat will continue to exploit healthcare in the foreseeable future.

The sector is urged to take the “threat seriously and apply appropriate defensive and mitigative actions towards protecting their infrastructure from compromise.” 

Historically, LockBit used the RaaS model, targeted entities for higher ransoms, and leveraged double extortion tactics. The most recent version, LockBit 3.0, comes with advanced extortion tactics and utilises a triple extortion model, which asks the victim to pay for their sensitive information.

“Once on the network, the ransomware attempts to download command and control (C2) tools such as Cobalt Strike, Metasploit, and Mimikatz. Encrypted files can only be unlocked with LockBit’s decryption tool,” according to the alert.

While the group has been targeting health sectors worldwide, the U.S. and its healthcare sectors have been victimized deliberately by the group. HC3 asked organizations to review the provided IOCs and the recommended security measures to prevent further attacks.