A ransomware group known as ALPHV/BlackCat has claimed responsibility for a cyberattack on the Barts Health NHS Trust in London. The group alleges that they have stolen 7TB of data and will leak the documents online if their ransom demands are not met. The trust, one of the largest hospital trusts in the UK, is currently working with cybersecurity officials to investigate the breach. The Information Commissioner’s Office has also been notified of the possible attack.
ALPHV has published a sample of the stolen files on their leak site, which includes sensitive information such as driver’s licenses, passports, and confidential internal communications. The group, which primarily operates in Russia, claims that this attack is the largest leak from the UK’s healthcare system. If their claims are true, this would be the third cyberattack that Barts Health NHS Trust has experienced in the past six years.
In a separate study, cloud security company Zscaler’s ThreatLabz has found that cyberextortion is becoming the preferred tactic for attackers. The volume of ransomware attacks has increased by nearly 38% compared to the previous year. Instead of encrypting data, attackers are now focusing on stealing and threatening to publish confidential information. This trend of encryptionless extortion began in 2021 and has continued to rise over the past two years.
One prominent ransomware group, Cl0P, has been making headlines for using this tactic in a widespread attack on the MOVEit file transfer software. However, some threat groups still prefer double extortion attacks, which combine encryption with the threat of publishing stolen data. The study shows that double extortion attacks against the education sector have grown by 121.79% compared to the previous year. Zscaler suggests that double extortion attacks are more successful because organizations have become more diligent in backing up their data, allowing them to quickly recover encrypted files, so encryption on its own gives attackers less leverage.
The United States is the country most impacted by double extortion attacks, with 40% of the analyzed attacks targeting US entities. This is likely due to the US being the world’s largest economy. Canada is the second most impacted country, but to a much lesser extent, with only 6.75% of attacks targeting Canadian entities. Ransomware developers are also adopting new tactics by using programming languages like Golang and Rust, which are more memory safe and harder to reverse-engineer.
A recent report from cloud computing firm Thales reveals that 39% of businesses experienced a data breach in their cloud environment last year, a 4% increase from 2021. The majority of these breaches (55%) were caused by human error, while exploitation of vulnerabilities accounted for 21% of the breaches. Hackers are increasingly targeting users as a means to infiltrate cloud networks. Matt Cooke, Cybersecurity Strategist at Proofpoint, explains that attackers recognize that people and their accounts are vulnerable, regardless of their location or the tools they use.
The study also highlights a 41% increase in the usage of software as a service (SaaS) over the past two years. More than half of the cybersecurity professionals surveyed believe that SaaS usage has made it more challenging to secure cloud data. Additionally, 79% of respondents reported employing the services of more than one cloud provider. Multicloud environments pose a higher risk of breaches or intrusions due to discrepancies in configuration and compatibility, making cybersecurity more challenging.
As organizations increasingly move critical data into the cloud, it is crucial to reassess cybersecurity measures. Solutions that may have worked in on-premises environments might not be sufficient in multicloud environments. Therefore, it is important for organizations to invest in robust cybersecurity measures to protect their cloud data and mitigate the risk of data breaches caused by human error or vulnerabilities in cloud systems.

