The United States government announced an extension to its efforts in seeking information on the key leadership of the ALPHV/BlackCat cybercrime gang, including their affiliate members.
The group was recently in headlines last month for claiming responsibility for a major ransomware attack on a U.S. health technology giant.
“The U.S. State Department stated it will offer a reward of up to $10 million for any information regarding the identification or location of individuals associated with ALPHV/BlackCat, their affiliates, activities, or potential links to foreign governments.”
The Russian-based cybercriminal operation, known as ALPHV/BlackCat, operates as a ransomware-as-a-service (RaaS) model. This scheme recruits affiliates, acting as contractors who receive compensation for launching ransomware attacks. Additionally, the operation receives a percentage of the ransom paid by the victim. While security researchers have not found a direct connection between ALPHV/BlackCat and a foreign government, the State Department implied in their statement that the group may be acting under the direction or control of a foreign government, such as Russia.
The State Department also accused the prolific ransomware group of targeting critical infrastructure in the United States, specifically healthcare services.
Just last month, an affiliate group of ALPHV/BlackCat claimed responsibility for a cyberattack that caused weeks of outage at Change Healthcare, a U.S. health tech giant. This attack resulted in a significant disruption to the access of patient records and billing information across the U.S. healthcare system. These delays caused problems in fulfilling medications and prescriptions, as well as surgical authorizations for weeks.
The affiliate group went public after accusing the main ALPHV/BlackCat gang of cheating them out of $22 million in ransom that was allegedly paid by Change Healthcare to prevent the mass leak of sensitive patient records. According to the group, ALPHV/BlackCat carried out an “exit scam,” where the hackers flee with their fortune to avoid paying their affiliates and instead keep the stolen funds for themselves.
Despite losing their share of the ransom demand, the affiliate group claimed to still have access to a significant amount of stolen sensitive patient data. Change Healthcare has stated that they have removed the hackers from their network and have restored many of their systems. However, the parent company of Change Healthcare, UnitedHealth Group, has not yet confirmed if any patient data was compromised during the attack.
Maintaining strong cybersecurity measures and staying vigilant against these types of attacks will be critical for protecting critical infrastructure and sensitive personal information in the future.
