Sequretek Advisory - BlackCat Strikes Back: Healthcare Sector Under Siege

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks.

BlackCat, a RaaS (Ransomware-as-a-Service) group, is back and targeting healthcare organizations, including UnitedHealth subsidiary Optum, since December 2023.

This aggressive campaign, possibly retaliation for law enforcement actions, highlights the evolving tactics of ransomware actors.

Previous attempts to disrupt BlackCat's operations, including seizing their dark leak sites, were unsuccessful.

A ScreenConnect remote access domain has been linked to recent attacks.

CISA previously warned of a critical vulnerability (CVE-2024-1709) in ScreenConnect.

This flaw, CVE-2024-1709 is an authentication bypass vulnerability that allows attackers to create system admin accounts on vulnerable instances and use them for their own malicious ends.

Sign Up Here for Download