The BlackCat/ALPHV ransomware group has recently targeted two new victims: Verbraucherzentrale Hessen, a consumer advice center in Germany, and Electro Marteix, SL, a Spanish company.
The Cyber Express team has taken the credit by thoroughly investigated the matter and has confirmed that Verbraucherzentrale Hessen was indeed subjected to a cyberattack.
BlackCat Ransomware Cyberattack on Verbraucherzentrale Hessen Confirmed
As per a notice published on their official website, their IT infrastructure was targeted in an Verbraucherzentrale Cyberattack on February 22, 2024. The incident resulted in temporary disruptions to their services, affecting telephones, advice hotlines, and online platforms.
However, swift action was taken to restore most services, including email communication and website accessibility. Fortunately, the efforts of IT security experts have led to successful data restoration.
โFor a short time, the Hesse consumer center was therefore either unavailable or only accessible to a limited extent. All telephones and advice hotlines as well as the service telephone are now working again. E-mail communication is also possible again without restrictions.โ
The German to English translation of the notice on the official website of Verbraucherzentrale Hessen reads
The official website of Verbraucherzentrale Hessen is now fully accessible, and the advice centers are operating as usual. Personal consultations and online consultations will proceed as scheduled. The majority of the data on the server has been successfully restored.
While the specific details of the hacker attack are still unknown, Verbraucherzentrale Hessen has emphasized its dedication to data protection and reassured the public of its commitment to safeguarding their information.
To enhance security measures, Verbraucherzentrale Hessen has taken steps to limit the amount of consumer data stored on its servers, reducing potential risks. The relevant authorities, including the IT security office of the state of Hesse and the state data protection officer, have been promptly informed, and a criminal complaint has been filed with the Hesse police.
While the cyberattack has been confirmed, Verbraucherzentrale Hessen has chosen not to disclose the identity of the responsible hacker group. This decision has left certain questions unanswered and introduced an additional layer of uncertainty to the situation.
ALPHV Ransomware Claims on the Electro Marteix Cyberattack Casts Doubts
However, upon visiting the website of Electro Marteix, SL, there are no indications of any malicious activities, raising doubts about ALPHV ransomware’s claim of targeting the Spanish company.
Ongoing efforts are being made to verify the alleged Electro Marteix Cyberattack. Despite attempts to contact company officials, no response has been received at the time of this report, leaving the claim unsubstantiated.
To address the increasing ransomware threat, the Cybersecurity and Infrastructure Security Agency (CISA) has taken action.
In collaboration with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), they have released an updated version of the joint advisory, #StopRansomware: ALPHV Blackcat.
This comprehensive update provides network defenders with essential information, including valuable insights, new indicators of compromise (IOCs), and tactics associated with the malicious ALPHV Blackcat ransomware-as-a-service (RaaS) operation.
The ALPHV Blackcat ransomware campaign has recently intensified its targeting, specifically directing its efforts towards critical infrastructure sectors, such as healthcare institutions.
Disturbing trends discovered in recent FBI investigations underscore the pressing need for collective action within the cybersecurity community to confront this widespread threat.
As the investigation into these cyberattacks progresses, the ambiguity surrounding the actions of the ALPHV ransomware group persists.
Verbraucherzentrale Hessen’s confirmation of the attack, coupled with the ongoing scrutiny of ELECTRO MARTEIX, SL, necessitates the continued vigilance by the cybersecurity community.
