BlackCat/ALPHV attacks Barts Health NHS Trust

Incident Date: Jun 30, 2023

Attack Overview

Victim: Barts Health NHS Trust
Industry: Healthcare Services
Location: United Kingdom
Attacker: Alphv
First Reported: June 30, 2023

The BlackCat/ALPHV Ransomware Attack on Barts Health NHS Trust

Barts Health NHS Trust has been targeted by the BlackCat/ALPHV ransomware gang. Barts Health NHS Trust is one of the largest National Health Service (NHS) trusts in the United Kingdom, operating several hospitals in London. These facilities provide healthcare services to a significant portion of the capital city's population. The trust takes its name from St Bartholomew's Hospital, whose history stretches back to 1123.

Barts Health NHS Trust was formed in 2012, following the merger of several hospitals and healthcare facilities. This amalgamation included St Bartholomew's Hospital, The Royal London Hospital, Whipps Cross University Hospital, Newham University Hospital, and Mile End Hospital. Together, these hospitals cater to a diverse community, offering a broad spectrum of medical services ranging from emergency care to specialized treatments and general healthcare.

Details of the Cyberattack

On June 30th, BlackCat/ALPHV announced on its data leak site that it had compromised Barts Health NHS Trust, claiming to have exfiltrated 7TB of sensitive and confidential data. First detected in late 2021, BlackCat/ALPHV operates a sophisticated RaaS (Ransomware-as-a-Service) platform. The platform encrypts data with an AES algorithm, and the AES key is itself encrypted with an RSA public key.

Notably, BlackCat/ALPHV has demonstrated the ability to disable security tools and evade analysis. It is believed to be the first ransomware group to use Rust, a programming language known for its safety and exceptional performance in concurrent processing. The ransomware also uses Windows scripting to deploy its payload and to compromise additional hosts. The developers behind BlackCat/ALPHV have been linked to previous DarkSide/BlackMatter ransomware attacks, suggesting a possible rebranding of those campaigns.
