Hotel chain giant Omni Hotels & Resorts has confirmed cybercriminals stole the personal information of its customers in an apparent ransomware attack last month.
In an update on its website posted on Sunday, Omni said the stolen data includes customer names, email addresses, and postal addresses, as well as guest loyalty program information.
The company said the stolen data does not include financial information or Social Security numbers.
Ransomware gangs typically use such dark web sites to publish stolen information to extort a ransom from their victims.
A sample of the stolen data shared with DataBreaches.net matched the types of customers’ personal information that Omni said was taken.
Some of the files, which TechCrunch has seen, also contain contracts and agreements between Change Healthcare and its partners.
For Change Healthcare, there’s another complication: This is the second group to demand a ransom payment to prevent the release of stolen patient data in as many months.
UnitedHealth Group, the parent company of Change Healthcare, said there was no evidence of a new cyber incident.
What’s more likely is that a dispute between members and affiliates of the ransomware gang left the stolen data in limbo and Change Healthcare exposed to further extortion.
A Russia-based ransomware gang called ALPHV took credit for the Change Healthcare data theft.
Some of the files, which TechCrunch has seen, also contain contracts and agreements between Change Healthcare and its partners.
For Change Healthcare, there’s another complication: This is the second group to demand a ransom payment to prevent the release of stolen patient data in as many months.
UnitedHealth Group, the parent company of Change Healthcare, said there was no evidence of a new cyber incident.
What’s more likely is that a dispute between members and affiliates of the ransomware gang left the stolen data in limbo and Change Healthcare exposed to further extortion.
A Russia-based ransomware gang called ALPHV took credit for the Change Healthcare data theft.
When a hacker called the company that his gang claimed to breach, he felt the same way that most of us feel when calling the front desk: frustrated.
The recording also shows how ransomware gangs are always looking for different ways to intimidate the companies they hack.
I’m just trying to help you,” the hacker responds, growing increasingly frustrated.
“So is that Dragonforce.com?”The hacker then threatens Beth, saying they will start calling the company’s clients, employees and partners.
“Excuse me?” the hacker responds.
The State Department blamed the prolific ransomware group for targeting U.S. critical infrastructure, including healthcare services.
Last month, an affiliate group of the ALPHV/BlackCat gang took credit for a cyberattack and weeks-long outage at U.S. health tech giant Change Healthcare, which processes around one-in-three U.S. patient medical records.
The affiliate group went public after accusing the main ALPHV/BlackCat gang of swindling the contract hackers out of $22 million in ransom that Change Healthcare allegedly paid to prevent the mass leak of patient records.
Change Healthcare has said since that it ejected the hackers from its network and restored much of its systems.
U.S. health insurance giant UnitedHealth Group, the parent company of Change Healthcare, has not yet confirmed if any patient data was stolen.
As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder.
Since then, just as talk of a potential ransom payment ban has gotten louder, so has the ransomware activity.
Is a ban on ransom payments the solution?
For a ban on ransom payments to be successful, international and universal regulation would need to be implemented — which, given varying international standards around ransom payments, would be almost impossible to enforce.
Given the brazen nature of these attackers, it’s unlikely that they would be deterred by a ban on ransom payments.
American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States.
“Based on our ongoing investigation, there’s no indication that except for the Change Healthcare systems, Optum, UnitedHealthcare and UnitedHealth Group systems have been affected by this issue.”In a post on its dark web leak site on Wednesday, ALPHV/BlackCat took credit for the cyberattack at Change Healthcare.
Change Healthcare merged with U.S. healthcare provider Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group, the largest health insurance provider in the United States.
Change Healthcare said it took much of its systems offline to expel the hackers from its systems.
Do you work at Change Healthcare, Optum or UnitedHealth and know more about the cyberattack?
Just five days on, LockBit announced that its operations had resumed, claiming to have restored from backups unaffected by the government takedown.
Law enforcement claiming overwhelming victory while the apparent LockBit ringleader remains at large, threatening retaliation, and targeting new victims puts the two at odds — for now.
With the apparent administrator LockBitSupp still in action — the last remaining piece of the LockBit puzzle — it’s unlikely LockBit is going away.
Ransomware gangs are known to quickly regroup and rebrand even after law enforcement disruption claims to have taken them down for good.
At the time of writing, ALPHV’s leak site remains up and running — and continues to add new victims almost daily.
A spokesperson for Change Healthcare did not immediately respond to a request for comment.
Change Healthcare is an American healthcare tech giant and one of the country’s largest processors of prescription medications, handling prescriptions and billing for more than 67,000 pharmacies across the U.S. healthcare system.
The healthcare tech giant handles 15 billion healthcare transactions annually — or about one-in-three U.S. patient records.
Change Healthcare merged with healthcare provider Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group.
The cyberattack at Change Healthcare began on February 21 early on the U.S. East Coast, causing widespread outages at pharmacies and healthcare facilities.
Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang.
In a post on Mastodon on Thursday, Sophos said that it had observed “several LockBit attacks” following exploitation of the ConnectWise vulnerabilities.
“Two things of interest here: first, as noted by others, the ScreenConnect vulnerabilities are being actively exploited in the wild.
Rogers said that Huntress has seen LockBit ransomware deployed on customer systems spanning a range of industries, but declined to name the customers affected.
The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses.
