Henry Schein Was Hacked By ALPHV, Again
Healthcare company Henry Schein is restoring systems after a ransomware group re-encrypted files during negotiations.

Henry Schein Global, a healthcare solutions provider, is facing a persistent cybersecurity nightmare. The BlackCat/ALPHV ransomware gang has launched a second wave of attacks, claiming to have re-encrypted files after negotiations stalled. The company, headquartered in Melville, New York, is restoring systems. This follows the cybercrime group taking credit for an initial breach on October 15 that disrupted manufacturing and distribution operations.

What is BlackCat Ransomware Gang?

The BlackCat ransomware gang, emerging in November 2021, is believed to be a rebrand of the notorious DarkSide/BlackMatter group. The gang gained global attention after targeting Colonial Pipeline, which led to fuel supply disruptions across the entire US East Coast. The FBI has linked them to over 60 breaches globally between November 2021 and March 2022, indicating a pattern of sophisticated cybercriminal activity.

Henry Schein Attacked by ALPHV, Again

On October 15, Henry Schein reported a cyberattack that impacted its manufacturing and distribution businesses, causing operational disruptions. Two weeks later, the BlackCat/ALPHV ransomware group claimed responsibility, boasting about encrypting files and stealing a massive 35 terabytes of sensitive data, potentially including personal information, bank account details, and payment card numbers.

The notification from Henry Schein about the ransomware attack.

The situation escalated in early November when the cybercriminals declared that negotiations had stalled. In response, they threatened to re-encrypt files, a move confirmed by Henry Schein’s subsequent system restoration updates. The company informed customers on November 22 that its applications, including the e-commerce platform, were rendered unavailable due to actions by the threat actor.

on ALPHV/BlackCat leak site.

Despite anticipating short-term disruptions, the latest update on November 26 assured customers that systems would soon be fully restored. As of the latest information, Henry Schein is no longer listed on the BlackCat leak website, hinting at a potential resumption of negotiations or even a ransom payment.

How to resist ransomware?

Organizations can enhance their resilience against extortionists through a multifaceted approach. First and foremost, robust cybersecurity measures are imperative. Regularly updating and patching systems can mitigate vulnerabilities, making it harder for extortionists to exploit weaknesses. Implementing strong access controls and regularly reviewing user privileges adds an extra layer of defense. Regular data backups are essential to ensure that organizations can quickly recover from ransomware attacks without succumbing to extortion demands. A well-defined incident response plan, including communication protocols and coordination with law enforcement, prepares organizations to swiftly and effectively handle extortion attempts.

Lastly, collaboration within the industry and sharing threat intelligence can strengthen collective defenses against evolving extortion tactics. By staying informed and implementing proactive measures, organizations can significantly reduce the likelihood of falling victim to extortionists.

By Stephanie Adlam


