Ransomware Attack on Change Healthcare: $22 Million Payment Raises Concerns

Published: March 12, 2024

The recent ransomware incident aimed at Change Healthcare, a medical firm, has caused substantial disruption, particularly affecting pharmacies nationwide, including those within hospitals. This disruption in prescription drug delivery has persisted for over 2 weeks. Recent developments within the criminal underground community have shed light on this incident.

An affiliate of the hacker group AlphV, also known as BlackCat, revealed a significant transaction of approximately $22 million in Bitcoin. This transaction, connected to AlphV, suggests a ransom payment received for the attack on Change Healthcare. Dmitry Smilyanets, a researcher at Recorded Future, noted the rarity of such large transactions and inferred that it likely indicates a ransom payment. However, Change Healthcare has declined to confirm whether it made such a payment.

Both Recorded Future and TRM Labs have linked the Bitcoin address receiving the $22 million payment to AlphV hackers. This potential payment sets a concerning precedent for the healthcare sector, as it not only fuels future attacks by the same group but also encourages other ransomware actors to target essential healthcare services. Brett Callow, a researcher at Emsisoft, emphasizes the danger of such payments, indicating they could incentivize repeated attacks on the healthcare industry.

Moreover, an affiliate of AlphV, posting as “notchy,” complained about not receiving their agreed share of the ransom, suggesting internal disputes within the hacker group. Additionally, the affiliate claimed to have accessed data from other healthcare firms associated with Change Healthcare, posing further risks of data exploitation or extortion. 

The $22 million ransom, if confirmed, marks a lucrative achievement for AlphV, similar to other notable ransom payments in the past. Despite a previous setback due to an FBI operation, AlphV managed to execute a devastating cyberattack on Change Healthcare, underscoring the resilience and adaptability of ransomware groups. The recent disappearance of AlphV’s dark web site raises questions about potential law enforcement actions or internal conflicts within the group. However, given their history of rebranding and regrouping, it’s uncertain if this marks the end of their activities.

This incident emphasizes the alarming escalation of ransomware threats against critical infrastructure, echoing the disruptive consequences witnessed in previous high-profile attacks, like the Colonial Pipeline breach. The targeting of vital healthcare services not only jeopardizes patient care, but also sets a dangerous precedent for future cyber extortion schemes. 
