The Change Healthcare Hack Has Taken A Weird Turn

I’ve been covering the Change Healthcare hack, and you can read my coverage here, here, and here. Brian Krebs has surfaced some information that shows that this story has taken a weird turn. Let’s start with the fact that the ransom has been paid:

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks.

Now I am not going to go down the rabbit hole of whether they should have paid the ransom or not. At least not today. But the rabbit hole that I will go down is what happened next:

The affiliate claimed BlackCat/ALPHV took the $22 million payment but never paid him his percentage of the ransom. BlackCat is known as a “ransomware-as-service” collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. And those affiliates in turn earn commissions ranging from 60 to 90 percent of any ransom amount paid.

“But after receiving the payment ALPHV team decide to suspend our account and keep lying and delaying when we contacted ALPHV admin,” the affiliate “Notchy” wrote. “Sadly for Change Healthcare, their data [is] still with us.”

So the affiliate got stiffed for their share of the cash. I believe there is an idiom that goes something like this: No honour among thieves. In any case this has caused BlackCat to shut down:

However, instead of responding that they would compensate and placate Notchy, a representative for BlackCat said today the group was shutting down and that it had already found a buyer for its ransomware source code.

That means that BlackCat will morph and reform into some other entity and keep attacking organizations. Lovely. And there’s still a question as to whether the data that was stolen is still out there. The affiliate says that it is, which means that Change Healthcare still has a serious problem. Mark my words, this story is far from over. And it will likely get even more “weird.”
