An anonymous reader cites a report from Krebs on Security. There are indications that US healthcare giant Change Healthcare has paid $22 million in extortion to the notorious BlackCat ransomware group (also known as “ALPHV”) as it struggles to get its services back online amid a cyberattack that has disrupted prescription drug services across the country for several weeks. But the cybercriminals who claim to have given BlackCat access to Change’s network say the criminal organization defrauded them of their share of the ransom, and that they are still in possession of sensitive data that Change reportedly paid BlackCat to destroy. Meanwhile, the affiliate’s disclosure appears to have prompted BlackCat to cease operations completely. […]
The affiliate claimed that BlackCat/ALPHV received $22 million but did not pay the affiliate any portion of the ransom. BlackCat is known as a “ransomware-as-a-service” collective, meaning it relies on freelancers and affiliates to infect new networks with ransomware. Those affiliates then receive a commission of 60-90% of the paid ransom. “However, after receiving the payment, the ALPHV team decided to suspend our account and lied and kept delaying when we contacted ALPHV administrators,” affiliate “Notchy” wrote. “Unfortunately for Change Healthcare, their data [is] still with us.” […] On the bright side, Notchy’s accusation appears to have been the final nail in the coffin for the BlackCat ransomware group, which was infiltrated by the FBI and foreign law enforcement partners in late December 2023. As part of that action, the government seized BlackCat’s website and released a decryption tool to help victims recover their systems. BlackCat responded by reorganizing and increasing affiliate commissions to 90%. The ransomware group also declared that it was officially lifting all restrictions and restraints on targeting hospitals and healthcare providers. However, BlackCat representatives declined to compensate or appease Notchy, saying today that the group is no longer active and that a buyer for the ransomware’s source code has been found. […] BlackCat’s website currently features a seizure notice from the FBI, but several researchers pointed out that the image appears to have been simply cut and pasted from the notice the FBI left when it raided BlackCat’s network in December.
Fabian Wosar, head of ransomware research at security firm Emsisoft, said it appears that BlackCat’s leaders are trying to pull off a “withdrawal fraud” against affiliates by withholding many ransomware payment fees at once and suspending the service. “ALPHV/BlackCat was not seized,” Wosar wrote on Twitter/X today. “They are running an affiliate withdrawal scam. If you check the source code of their new takedown notice, it’s clear.” Dmitry Smilyanets, a researcher at security firm Recorded Future, said BlackCat’s withdrawal scam is particularly dangerous. That’s because BlackCat still has all the stolen data and could demand additional payments or leak the information on its own. “The affiliate still has this data, but he is angry that he did not receive this money,” Smilyanets told Wired.com. “This is a good lesson for everyone: You can’t trust criminals. Their word is worthless.”