Focusing on the attackers Ransomware Attack on Change Health
- March 28, 2024
- 10:30 am
A Bitcoin transaction linked to the attackers behind the Change Healthcare breach suggests they received a hefty $22 million payment.
The ransomware attack on Change Healthcare, a major medical services provider, has caused significant disruptions in the US healthcare system. Here’s a breakdown of the latest developments:
Attack Impact
- The attack targeted Change Healthcare, disrupting pharmacy operations nationwide.
- This resulted in delays and difficulties in delivering prescription drugs for over 10 days.
Possible Ransom Payment
- A Bitcoin transaction linked to the hacker group AlphV (BlackCat) suggests a potential ransom payment.
- On March 1st, a single transaction sent 350 bitcoins (roughly $22 million) to an AlphV-connected address.
Dispute Within the Hacker Group
- A post on a cybercriminal forum by someone claiming to be an AlphV affiliate suggests internal conflict.
- The affiliate accuses AlphV of withholding the affiliate's cut of the alleged Change Healthcare ransom.
- They reference the public Bitcoin transaction as evidence.
Expert Analysis
- Dmitry Smilyanets, a security researcher, believes this points towards Change Healthcare paying the ransom.
- The large transaction amount is unusual and suggests a significant payment.
- The affiliate connects the transaction to the Change Healthcare attack.
Change Healthcare's Response
- A spokesperson for Change Healthcare declined to confirm or deny paying a ransom.
- Their statement focuses on ongoing investigation efforts.
Change Healthcare Ransomware Attack: Potential Repercussions
Following the news of a possible $22 million ransom payment to AlphV hackers, security experts warn of concerning consequences.
Confirmation of Bitcoin Transaction
- Security firms Recorded Future and TRM Labs link the $22 million Bitcoin address to AlphV.
- TRM Labs claims to trace the address back to payments from two other AlphV victims in January.
Potential Impact on Healthcare Industry
- Brett Callow, a ransomware researcher, expresses concern about the precedent this sets.
- He argues that paying ransoms incentivizes future attacks on the healthcare sector.
- Ransomware attacks on healthcare can disrupt critical services and patient care.
Internal Conflict Within AlphV
- A self-proclaimed AlphV affiliate (“notchy”) accuses the group of keeping the entire ransom.
- This suggests potential instability within the hacking group.
Risk of Data Leak
- Notchy further claims to possess data from other healthcare firms connected to Change Healthcare.
- This raises concerns about a potential data leak even if Change Healthcare paid the ransom.
Ransom Payment Significance
- Security experts highlight the unusual size of the potential ransom.
- Emsisoft’s Callow compares it to the rare instance of a $40 million ransom payment.
AlphV's Comeback and Disappearance
- The attack demonstrates AlphV’s resurgence after a December takedown by the FBI.
- The group’s dark web extortion site has since gone offline.
- The reason for the disappearance remains unclear, with possibilities ranging from law enforcement action to internal disputes.
Uncertain Future
- AlphV is known for disappearing and rebranding, having previously operated under names like BlackCat and Darkside.
- Security researchers are keeping a close eye on the group’s future activities.