The hackers behind one of the most disruptive health care cyberattacks in U.S. history received a payment of $22 million, and experts say this suggests the victims may have paid the gang an enormous ransom. Health care providers and pharmacies across the nation were left unable to process prescriptions, leaving patients unable to get needed medications after Change Healthcare's payment exchange platform went down with the Feb. 21 cyberattack, Scripps News reports. In a now-deleted post on the dark web Wednesday, notorious ransomware group AlphV/BlackCat said it was behind the attack, and Change, which is operated by UnitedHealth Group's subsidiary Optum, confirmed this. Then on Friday, a Bitcoin address belonging to AlphV hackers received a single transaction payment of 350 bitcoins, which is worth nearly $22 million, according to WIRED and blockchain analysis group TRM Labs.
Two days later, an AlphV affiliate posted to the underground cybercriminal platform RAMP saying the ransomware group cheated them out of their share of the ransom Change paid to "prevent data leakage and decryption key," according to a screenshot from Dmitry Smilyanets, a researcher for security firm Recorded Future. Groups like AlphV often use affiliates to do the actual hacking with their ransomware and then give the affiliates some of the payouts. The affiliate said AlphV "kept lying and delaying" their payment until the group finally "emptied the wallet and took all the money." "Sadly for the target Change Healthcare - OPTUM, their data [is] still with us," the affiliate's post said, per the screenshot. A United Healthcare spokesperson declined to answer questions on whether it paid a ransom to AlphV, only saying it was "focused on the investigation right now." If it did pay the ransom, the affiliate's alleged post suggests "4TB of the critical data" that Change was worried would leak is still under the hackers' control, potentially leading to additional payments if Change wants to prevent a possible leak.