HHS alerts health sector of BlackMatter attacks

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released a threat brief to warn companies about the dangers of BlackMatter ransomware. 

BlackMatter is designed to steal data from business networks and render it inaccessible, and healthcare entities are particularly advised to stay on high alert for this emerging strain. Keep reading to learn how BlackMatter works, key strategies to reduce your risk, and why HIPAA compliant email is critical to staying one step ahead.

What is BlackMatter ransomware? 

Suspected to originate from Eastern Europe, BlackMatter is a sophisticated and financially-motivated form of ransomware that incorporates features of DarkSide, REvil, and LockBit. The group operates by encrypting files and requesting a ransom payment from victims to regain access.

SEE ALSO: To pay or to not pay for stolen data

According to the HC3 alert, the threat actors usually target Windows and Linux servers to carry out attacks and often coordinate with initial access brokers (IABs) to enable further exploitation. BlackMatter is known to compromise locally-stored files, terminate processes before encryption, and upload system data, including usernames, domains, and language details, to a remote server.

Who is at risk? 

Recently linked to an attack on Japanese company Olympus, BlackMatter typically directs efforts toward companies in the legal, real estate, IT, finance, food and beverage, architecture, and education industries.

Although BlackMatter claims to not target hospitals, the threat brief notes that the group’s suspected predecessors were responsible for numerous attacks on organizations within the health sector. Additionally, there were at least 65 reported cases of threat actors selling access to the networks of healthcare entities in the last year. Therefore, HC3 has determined that health-related companies are at a heightened risk and should remain especially cautious.

Ways to stay protected

The HC3 alert includes a list of recommended actions that health providers can take to lower the chance of a BlackMatter attack. These strategies include: 

  • Perform offline data backups and ongoing testing 
  • Leverage whitelisting technology to ensure that only authorized software is permitted to run
  • Establish access control based on the principle of least privilege
  • Use an anti-malware solution
  • Conduct system hardening to minimize potential security vulnerabilities 
  • Limit or fully eliminate remote desktop protocol (RDP) usage
  • Educate employees on how to identify phishing emails and other social engineering tactics 
  • Block unknown IP addresses with a firewall and ensure that all rules are updated 

With ransomware attacks on the rise across the globe, there is no better time to safeguard your protected health information (PHI) with stronger email security. 

Designed to integrate with your existing platform, Paubox Email Suite sends HIPAA compliant email by default and automatically encrypts all outgoing messages. This means your patients are able to seamlessly receive your emails directly in their inbox without needing to access any additional passwords or portals.

Paubox’s Plus and Premium plan levels also include innovative inbound email security tools that work to stop malicious activity in its tracks. Our patented ExecProtect feature intercepts display name spoofing attempts early on, while Zero Trust Email requires one more unique piece of proof to confirm that a message is legitimate. 

Try Paubox Email Suite Plus for FREE today.

About the author

Sara Uzer
