Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

HHS alerts health sector of BlackMatter attacks

HHS alerts health sector of BlackMatter attacks

The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center (HC3) has released a threat brief to warn companies about the dangers of BlackMatter ransomware.  Designed to steal data from business networks and render it inaccessible, healthcare entities are particularly advised to stay on high alert of this emerging strain. Keep reading to learn how BlackMatter works, key strategies to reduce your risk, and why HIPAA compliant email is critical to staying one step ahead. 


What is BlackMatter ransomware? 


Suspected to originate from Eastern Europe, BlackMatter is a sophisticated and financially-motivated form of ransomware that incorporates features of DarkSide, REvil, and LockBit. The group operates by encrypting files and requesting a ransom payment from victims to regain access. SEE ALSO: To pay or to not pay for stolen data According to the HC3 alert, the threat actors usually target Windows and Linux servers to carry out attacks and often coordinate with initial access brokers (IABs) to enable further exploitation. BlackMatter is known to compromise locally-stored files, terminate processes before encryption, and upload system data to a remote server including usernames, domains, and language details. 


Who is at risk? 


Recently linked to an attack on Japanese company Olympus, BlackMatter typically directs efforts toward companies in the legal, real estate, IT, finance, food and beverage, architecture, and education industries. Although BlackMatter claims to not target hospitals, the threat brief notes that the group’s suspected predecessors were responsible for numerous attacks on organizations within the health sector. Additionally, there were at least 65 reported cases of threat actors selling network access to healthcare entities in the last year. Therefore, HC3 has determined that health-related companies are at a heightened risk and should remain especially cautious


Ways to stay protected


The HC3 alert includes a list of recommended actions that health providers can take to lower the chance of a BlackMatter attack. These strategies include: 
  • Perform offline data backups and ongoing testing 
  • Leverage whitelisting technology to ensure that only authorized software is permitted to run
  • Establish access control based on the principle of least privilege
  • Use an anti-malware solution
  • Conduct system hardening to minimize potential security vulnerabilities 
  • Limit or fully eliminate remote desktop protocol (RDP) usage
  • Educate employees on how to identify phishing emails and other social engineering tactics 
  • Block unknown IP addresses with a firewall and ensure that all rules are updated 


With ransomware attacks on the rise across the globe, there is no better time to safeguard your protected health information (PHI) with stronger email security.  Designed to integrate with your existing platform, Paubox Email Suite sends HIPAA complaint email by default and automatically encrypts all outgoing messages. This means your patients are able to seamlessly receive your emails directly in their inbox without needing to access any additional passwords or portals

Paubox’s Plus and Premium plan levels also include innovative inbound email security tools that work to stop malicious activity in its tracks. Our patented ExecProtect feature intercepts display name spoofing attempts early on, while Zero Trust Email requires one more unique piece of proof to confirm that a message is legitimate. 


Try Paubox Email Suite Plus for FREE today.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.