cyberattack – News Agency nabakhabar

Who is Blackcat, the hacker group that has disrupted UnitedHealth and pharmacies everywhere?

News Agency nabakhabar — Sun, 03 Mar 2024 12:40:44 +0000

For the past week and a half, UnitedHealth’s Change Healthcare business has been undergoing a cyberattack, which has impacted the ability of some pharmacies to fill prescriptions in a timely manner. Now the company is finally addressing who the enemy is.

The Blackcat ransomware group—which also goes by ALPHV or Noberus—has been identified as the party responsible for the hack, Change Healthcare confirmed Thursday.

“Our experts are working to address the matter and we are working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Network, on this attack,” the company said in a statement. “We are actively working to understand the impact to members, patients, and customers.”

Change Healthcare provides prescription-processing services for pharmacies—and with the system down, some pharmacies have been unable to process prescriptions to insurance companies, which allows them to receive payments. The company now says it has “multiple workarounds to ensure people have access to the medications and the care they need.”

Blackcat isn’t an unfamiliar name to law enforcement officials. The Justice Department mentioned the group last December, announcing officials had launched a disruption campaign against it. The FBI, it said, had “gained visibility into the Blackcat ransomware group’s computer network” as part of an ongoing investigation and seized several websites that the group operated.

Over the past two years, Blackcat has established itself as the world’s second most prolific ransomware-as-a-service (RaaS) organization, taking hundreds of millions of dollars from victims. Multiple law enforcement agencies from a variety of countries around the world are conducting parallel investigations into the group.

“The disruptions caused by the ransomware variant have affected U.S. critical infrastructure—including government facilities, emergency services, defense industrial-base companies, critical manufacturing, and healthcare and public health facilities—as well as other corporations, government entities, and schools,” the Justice Department wrote.

RaaS is a model that has become popular among hackers in the past four years. Brokers sell or rent exploit kits or back doors into companies, allowing them to access user information, install malware, and assume control of system resources. Those brokers sell access for thousands of dollars and the ransomware attackers can demand many times that much from the victims.

Change Healthcare had initially told the Securities and Exchange Commission (SEC) that it suspected a nation-state-associated bad actor could be behind the attack. Blackcat, however, is said to be a for-profit operation. It’s unknown at this point if UnitedHealth has ruled out the interference of another government. (Blackcat has denied that in a now-deleted social media post, but the honesty of a hacking collective is generally questionable.)

Like many ransomware companies, Blackcat uses multiple forms of extortion in its attack. After it gains access, it takes sensitive data, then encrypts the system and demands a ransom to undo the locks it has set in place as well as agree not to publish the (typically sensitive) information it has obtained.

Should the company not pay, the information is generally released on either the Dark Web or a leak website.

Change Healthcare’s systems have been offline for 10 days now. The company has not signaled when they expect them to return.

“We are working on multiple approaches to restore the impacted environment and continue to be proactive and aggressive with all our systems,” the company said. “If we suspect any issue with the system, we will immediately take action.”

The post Who is Blackcat, the hacker group that has disrupted UnitedHealth and pharmacies everywhere? appeared first on News Agency nabakhabar.

Ukraine Says Has ‘Evidence’ Russia Behind Cyberattack

News Agency nabakhabar — Sun, 16 Jan 2022 19:33:09 +0000

Ukraine said Sunday it had “evidence” Russia was behind a massive cyberattack that knocked out key government websites this past week, while Microsoft warned the hack could be far worse than first thought.

Tensions are at an all-time high between Ukraine and Russia, which Kyiv accuses of having massed troops on its border ahead of a possible invasion. Some analysts fear the cyberattack could be the prelude to a military attack.

On Friday, Washington also accused Russia of sending saboteurs trained in explosives to stage an incident that could be the pretext to invade its pro-Western neighbor.

“All the evidence points to Russia being behind the cyberattack,” the Ukrainian digital transformation ministry said in a statement. “Moscow is continuing to wage a hybrid war.”

The ministry urged Ukrainians not to panic, saying their personal information was protected.

The purpose of the attack, it added, “is not only to intimidate society. But to also destabilize the situation in Ukraine, halting the work of the public sector and crushing Ukrainians’ trust in the authorities.”

The Kremlin rejected the claims and said there was no evidence Russia was behind the attack.

“We have nothing to do with it. Russia has nothing to do with these cyberattacks,” President Vladimir Putin’s spokesman, Dmitry Peskov, told CNN.

“Ukrainians are blaming everything on Russia, even their bad weather in their country,” he said in English.

Kyiv said late Friday it had uncovered preliminary clues Russian security services could have been behind the cyberattack.

The SBU security service said the attacks in the early hours of Friday had targeted a total of 70 government websites.

Microsoft warning

Microsoft warned Sunday that the cyberattack could prove destructive and affect more organizations than initially feared.

The U.S. software giant said it continued to analyze the malware and warned it could render government digital infrastructure inoperable.

“The malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom,” the U.S. software giant said in a blog post.

Microsoft said it had not so far identified a culprit behind the attacks but warned that the number of affected organizations could prove larger than initially thought.

“Our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues,” Microsoft said.

“These systems span multiple government, non-profit, and information technology organizations, all based in Ukraine. We do not know the current stage of this attacker’s operational cycle or how many other victim organizations may exist in Ukraine or other geographic locations.”

The post Ukraine Says Has ‘Evidence’ Russia Behind Cyberattack appeared first on News Agency nabakhabar.

UK energy firm says power cut was not caused by cyberattack

News Agency nabakhabar — Thu, 15 Aug 2019 05:28:22 +0000

National Grid operations director Duncan Burt said Friday’s blackout was caused when two powerstations failed almost simultaneously, leading the system to cut off power to some parts of the country in order to preserve the rest.

He said the company was “very confident that there was no malicious intent or cyberattack involved.”

Burt said the loss of two power plants at once was a “very, very rare event” and something similar last happened in 2008.

Tim Green of the Energy Futures Laboratory at Imperial College London said failures were at a gas-fired power plant in southern England and a wind farm in the North Sea. He said it was unclear whether the two near-simultaneous outages were connected or it was a coincidence.

Britain’s energy watchdog, Ofgem, said it has asked for “an urgent detailed report from National Grid so we can understand what went wrong and decide what further steps need to be taken. This could include enforcement action.”

The cut hit a large swath of England and Wales, knocking out traffic lights and railway signals and bringing electric-powered trains to a standstill. Electricity was restored within 90 minutes but many travelers were stuck for hours on trains.

Delays and cancellations continued Saturday at London’s King’s Cross, one of the country’s busiest train stations.

Andrew Adonis, a former chairman of Britain’s National Infrastructure Commission, said National Grid had “some big questions to answer” about how a relatively brief power cut had caused nationwide mayhem on the railways.

“Why … did their systems allow the national transport system to collapse in the way it did? Because that absolutely shouldn’t happen,” he said.

People walk in near darkness at Clapham Junction station during a power

The post UK energy firm says power cut was not caused by cyberattack appeared first on News Agency nabakhabar.