US hospital attacked by BlackCat denies hackers’ ransom


A US-based healthcare system that runs more than a dozen hospitals has refused to pay extortion money to Russia-linked hackers.

Lehigh Valley Health Network (LVHN), a Pennsylvania-based healthcare provider, said the organization was targeted by a ransomware attack from the BlackCat syndicate.

ALPHV/BlackCat ransomware was first observed in 2021. Like many others in the criminal underworld, the group operates a ransomware-as-a-service (RaaS) business, selling criminals malware subscriptions.

LVHN spotted unauthorized activity on its IT systems on February 6. The organization claims to have notified law enforcement authorities and the cybersecurity firms it is cooperating with.

An investigation revealed that the incident involved a computer system medics use to screen patient images, information on radiation oncology treatment, and other sensitive data.

However, LVHN said it refused to pay the ransom demanded by hackers. Authorities advise against paying hackers, saying that there’s no guarantee threat actors will decrypt data. Paying the ransom may also invite unwelcome attention from other syndicates, as criminals start seeing the victim as solvent.

ALPHV/BlackCat was noted for its use of the Rust programming language. According to an analysis by Microsoft, threat actors that started deploying it were known to work with other prominent ransomware families such as Conti, LockBit, and REvil.

The FBI believes money launderers for the ALPHV/BlackCat cartel are linked to the DarkSide and BlackMatter ransomware cartels, indicating the group has a well-established network of operatives in the RaaS business.

Lately, ALPHV/BlackCat has been among the most active ransomware gangs. According to cybersecurity analyst ANOZR WAY, the group was responsible for approximately 12% of attacks in 2022.
