ALPHV (BlackCat) Gang Allegedly Receives $22 Million Bitcoin Ransom from Change Healthcare Attack
ALPHV (BlackCat), the notorious gang responsible for the recent cyberattack on Change Healthcare, has allegedly received a staggering $22 million in Bitcoin as a possible ransomware payment. Change Healthcare provides IT services to more than 70,000 American pharmacies and hospitals, which use the company’s technologies for processing insurance claims, managing prescriptions, and other crucial tasks.
Interestingly, it appears that ALPHV may have stolen the $22 million from its very own affiliate crew, the group responsible for the initial attack on Change Healthcare. This revelation sheds light on the complex dynamics within the hacking landscape.
Recorded Future’s intelligence analyst, Dmitry Smilyanets, noticed a Bitcoin wallet closely linked to ALPHV that received 350 Bitcoins on March 1. At the time, this transaction was worth an estimated $22 million. The parent company of Change Healthcare, UnitedHealth Group, is now actively investigating the cyberattack and its aftermath.
The BlackCat ransomware attack on Change Healthcare caused significant disruptions in services, leading to the temporary shutdown of systems and impacting prescription processes at various locations across the United States. Major pharmacy chains like CVS and Walgreens felt the repercussions of this malicious act.
Gangs such as ALPHV generally lease their ransomware to affiliates who undertake the actual task of infecting victims. In return, these affiliates receive a percentage of the ransom money paid to the malware’s developers. In this instance, after successfully obtaining the payment, ALPHV promptly suspended the affiliate’s account, emptied the Bitcoin wallet, and took all the money for themselves.
The affiliates maintain that they still possess a significant amount of “critical data” stolen from Change Healthcare and its partners. Fearing potential data leaks, Change Healthcare is undoubtedly on edge. To add to the complexity, the affiliates issued a warning to others in the hacking community, urging caution when dealing with ALPHV.
The incident involving ALPHV and Change Healthcare serves as a chilling reminder of the growing threat posed by cybercriminals willing to exploit vulnerabilities within critical systems. As investigations continue, it remains crucial for organizations to bolster their cybersecurity measures and heighten their vigilance against such attacks.
Analyst comment
This news can be evaluated as negative. From an analyst's perspective, it is likely that the market will see increased concern and urgency in bolstering cybersecurity measures. Organizations may invest more in cybersecurity technologies and services to mitigate the risks posed by cybercriminals like ALPHV.