US presents $10M to assist catch Change Healthcare hackers

US presents M to assist catch Change Healthcare hackers
US presents M to assist catch Change Healthcare hackers

The U.S. authorities stated it’s extending its reward searching for info on key management of the ALPHV/BlackCat cybercrime gang to its affiliate members, one among which final month took credit score for a large ransomware assault on a U.S. well being tech large.

In a press release Wednesday, the U.S. State Division stated it’s going to offer a reward of up to $10 million for info that identifies or locates any particular person related to ALPHV/BlackCat, together with “their associates, actions, or hyperlinks to a international authorities.”

The Russia-based ALPHV/BlackCat is a ransomware-as-a-service operation, which recruits associates — successfully contractors who earn a fee for launching ransomware assaults — and takes a minimize of no matter ransom demand the sufferer pays. Though safety researchers haven’t but drawn a connection between ALPHV/BlackCat and a international authorities, the State Division implied in its assertion that the gang could also be “appearing on the course or below the management of a international authorities,” equivalent to Russia.

The State Division blamed the prolific ransomware group for focusing on U.S. crucial infrastructure, together with healthcare providers.

Final month, an affiliate group of the ALPHV/BlackCat gang took credit score for a cyberattack and weeks-long outage at U.S. well being tech large Change Healthcare, which processes round one-in-three U.S. affected person medical data. The cyberattack knocked out a lot of the U.S. healthcare system’s entry to affected person data and billing info, inflicting large outages and delays in fulfilling medicines and prescriptions and surgical authorizations for weeks.

The affiliate group went public after accusing the primary ALPHV/BlackCat gang of swindling the contract hackers out of $22 million in ransom that Change Healthcare allegedly paid to stop the mass leak of affected person data.

The group stated ALPHV/BlackCat carried out an “exit rip-off,” the place the hackers run off with their fortune to keep away from paying their associates and hold the stolen funds for themselves.

Regardless of having misplaced their minimize of the ransom demand, the affiliate group claimed to nonetheless have entry to an enormous quantity of stolen delicate affected person knowledge.

Change Healthcare has stated since that it ejected the hackers from its community and restored a lot of its techniques. U.S. medical health insurance large UnitedHealth Group, the mother or father firm of Change Healthcare, has not but confirmed if any affected person knowledge was stolen.