According to experts, the ransomware is a rebranding of DarkSide, which hackers used in the May 2021 attack on the Colonial Pipeline.
Throughout 2022, BlackCat hit numerous high-profile organizations globally, including universities, government agencies, and companies in the energy, technology, manufacturing, and transportation sectors.
Some of the reported victims include Moncler, Swissport, North Carolina A&T, Florida International University, the Austrian state of Carinthia, Regina Public Schools, the city of Alexandria, the University of Pisa, and JAKKS Pacific.
Cyberattack Details
The cyberattack on Change Healthcare significantly disrupted the US healthcare system. It involved a nine-day period of infiltration by the Alphv/BlackCat hackers before the ransomware was deployed.
The CEO disclosed that compromised credentials for a Citrix portal lacking multi-factor authentication gave the attacker remote access. The attacker moved laterally within the system to steal data and eventually deploy ransomware.