Earlier in 2022, the U.S. FBI issued a warning about BlackHat Ransomware. The criminal entity has breached over 60 organizations worldwide. The BlackHat virus is a ransomware-type infection that locks (encrypts) files and demands ransom payments in return for decryption keys/tools.
The ransomware being used by the hackers is notable for being the first-ever malware written in the Rust programming language, which is known to be memory safe and to offer improved performance.
Looking into further developments with the hacking group for Digital Journal is Dave Klein, Director, Cyber Evangelist of Cymulate.
According to Klein: “The use of Rust is significant as it is an attempt at attack obfuscation. This uses existing techniques but is obfuscated by using a new programming language that may go beyond existing security controls.”
Delving further into the FBI report, Klein finds: “The other interesting thing the FBI notes is that former Darkside ransomware group members and affiliates are associated with this campaign. Similar to Darknet criminal marketplaces when a marketplace is shut down, the vendors move to a new marketplace.”
An example of such a marketplace is Silk Road, which was an online black market and the first modern darknet market. The site was notorious for selling large quantities of drugs. Since then, many other illicit marketplaces have arisen.
As to the significance, Klein considers: “What does that show? When your previous ransomware group gets shut down, the members will take their skill sets and move on to other opportunities.”
Hospital cyberattack puts lives at risk
Across the Atlantic, a French hospital had to disconnect after hackers stole data. The impacted facility was the GHT Coeur Grand Est Hospitals and Health Care group, located in northeast France.
Mike DeNapoli, lead security architect of Cymulate, adds further context to the incident impacting the 3,370-bed hospital, telling Digital Journal: “This is a disastrous event for the region in which this hospital serves. Blocking all connectivity disconnects them from their patients as much as it does from the attackers.”
According to DeNapoli: “This also means that they cannot obtain the same level of rapid assistance from external Incident Responders. We see, yet again, another example of how ruthless attackers are, where they will risk the health and lives of real human beings in the pursuit of payouts, and how healthcare organizations are not ready to address these threats effectively.”