The Health Sector Cybersecurity Coordination Center has released a warning about BlackMatter, a newly surfaced ransomware that the agency called “highly sophisticated” and “financially motivated.”
The issue brief, released by the U.S. Department of Health and Human Services’ cybersecurity arm, included claims from BlackMatter representatives that they would not attack hospitals.
In fact, if an entity like a hospital or nonprofit company is attacked, they can ask for free decryption, according to the hacker group.
Still, HC3 cautioned, “these details are what BlackMatter claims to be, and may not be accurate.”
WHY IT MATTERS
BlackMatter represents yet another ransomware gang to emerge onto the scene in the wake of REvil, which suddenly disappeared this summer (only to resurface this week).
The group claims the ransomware took six months to develop and includes the “best features of LockBit, REvil, and Darkside,” according to HC3. HC3 said the group is Russian-speaking and likely Eastern European in origin.
Its targeted countries include the United States, India, Brazil, Chile and Thailand, with the list growing. Attacks have already been carried out in the United States against legal, architecture and real estate industry stakeholders.
HC3 included best practices that can be used to mitigate BlackMatter, including providing social engineering and phishing training to employees; keeping patches up to date; implementing spam filters at email gateways; and blocking suspicious IP addresses at firewalls.
It also suggested implementing whitelisting technology, access control and anti-malware solutions, as well as ensuring proper configurations.
Importantly, the agency classified BlackMatter’s threat to the healthcare sector as “elevated.”
“While there have not been any public healthcare victims yet, BlackMatter’s suspected predecessors targeted the healthcare sector,” it said.
THE LARGER TREND
Federal agencies have issued several warnings in the past year as new families of ransomware have surfaced.
In May, the Federal Bureau of Investigation released a bulletin outlining a pattern of Conti ransomware attacks targeting U.S. healthcare and first-responder networks. And just this past month, the FBI issued a similar alert about Hive, a ransomware gang reportedly responsible for the attack on Memorial Health System in August.
ON THE RECORD
“Organizations should remain on alert despite the group’s claims to not target healthcare,” said HC3 in the issue brief.