BlackCat Ransomware Attacks:
Marriott and Hilton

BlackCat Ransomware Strikes Again: Marriott and Hilton Under Cyber Siege

The ALPHV/BlackCat ransomware gang, known for their recent attacks on the MGM and Caesars Las Vegas resorts, has now targeted the U.S. hotel management group LBA Hospitality. LBA Hospitality manages nearly 100 hotels under major chains like Marriott, Hilton, Holiday Inn, and Best Western, primarily situated in the southeastern U.S.

The Ransomware group announced their attack on LBA Hospitality through their dark leak site, showcasing a sample of files they claim to have extracted from the Alabama-based company. The alleged data breach includes around 200GB of “highly confidential” internal company data, encompassing client and employee personal details, financial reports, credit card information, and more.

Background

In November 2021, a dangerous Ransomware called ALPHV (also known as ALPHV-ng, BlackCat, and Noberus) emerged. It targets various organizations worldwide and uses a tricky tactic called triple-extortion. This means it not only encrypts your data and threatens to expose it but also threatens to launch a DDoS attack if you don’t pay.

This threat seems to be created by someone with a deep experience in Ransomware, using tactics that have worked before. Experts even think it might be connected to previous Ransomware groups like BlackMatter, which is linked to REvil and DarkSide.

ALPHV has been advertised on various cybercrime forums, where people are offered big returns for joining the group, up to ninety percent of the ransom they collect.

When these new partners join, the first step in entering a victim’s computer network will probably involve using familiar methods. For instance, they might take advantage of common weaknesses in network equipment like VPN gateways and misuse login information through exposed remote desktop protocol (RDP) connections.

Next, the ALPHV attackers have seen using PowerShell to change the security settings of Windows Defender all over the victim’s network.

The Affected

LBA Hospitality offers a wide range of services to its hotel clients, including HR, accounting, IT, and sales, managing a vast amount of sensitive data within its network systems. The samples provided by ALPHV/BlackCat, however, seem limited to a few personal documents and unsigned agreements.

Interestingly, this marks the fourth data breach Marriott has faced in the past five years. The last significant breach in 2020 exposed sensitive data of 5.2 million guests.

The ALPHV/BlackCat Ransomware gang, active since 2021, operates on a Ransomware-as-a-Service (RaaS) model. They were responsible for a cyberattack on MGM that disrupted its entire network system, affecting guest rooms, digital keys, slot machines, and more. They have also been linked to other major Ransomware groups and have been responsible for approximately 12% of all ransomware attacks in 2022.

Futurism’s Smart Recommendations to Prevent such Ransomware Attacks:

• Regular Backups: Ensure that all critical data is backed up regularly. Store backups in a secure location to prevent them from being targeted.

• Employee Training: Employees are often the weakest link in security. Provide regular cybersecurity awareness training sessions covering latest phishing tactics and ways to recognize potential threats. Deploy powerful email security and web security solutions.

• Update and Patch: Keep all systems, software, and applications up-to-date. Regularly patching vulnerabilities reduces the chances of exploitation. Invest in a good vulnerability assessment and penetration testing solution.

• Multi-Factor Authentication (MFA): Implement a robust MFA. This adds an additional layer of security, making it harder for attackers to gain access to your networks and systems.

• Network Segmentation: Don’t store all your eggs in one basket. Segment your network to ensure that if one section is compromised, it doesn’t necessarily compromise the rest.

• Endpoint Protection: Use an advanced endpoint protection solution that can detect and block Ransomware attacks in real-time.

• Incident Response Plan: Always have a plan in place. Knowing what to do in the event of an attack can significantly reduce recovery time and costs.

• Limit Access: Only give access rights to those who need it. Limiting the number of people who have access to critical data can reduce the risk of a breach.

• Invest in a Trusted Cybersecurity Partner: Partner with a trusted managed cybersecurity solutions provider to deploy a powerful line of defense and address potential security threats for your organization.

• Leverage AI-powered Cybersecurity Solutions: Leverage advanced AI and machine learning algorithms to continuously monitor and analyze your organization’s network traffic and system behaviors. An AI-powered advanced threat protection solution can detect and mitigate unusual patterns or vulnerabilities that could be indicative of a Ransomware attack.

With these recommendations, businesses can significantly reduce their risk of falling victim to brutal Ransomware attacks like the ALPHV/BlackCat Ransomware and ensure a safer digital environment.

Disclaimer: All the perspectives, views, and information presented in this article are solely of the authors and their corresponding sources. They do not represent or reflect the principles or viewpoints of Futurism Technologies in any way.