[US] Hacker forum post claims UnitedHealth paid $22m ransom to regain data access

07 Mar 2024

According to a post made on a hacker forum popular with cybercriminals, UnitedHealth Group paid $22 million in a bid to recover access to its data and systems following their encryption by the "Blackcat" ransomware gang, Reuters reports.

Two researchers broke the news of the post. UnitedHealth has not commented on the alleged ransom payment and neither have the hackers involved. However, a cryptocurrency tracing firm was able to partially corroborate the claim on March 4.

It is reportedly not uncommon for large companies that fall victim to ransomware gangs to decide to pay the hackers to regain control of their networks, particularly where customers and partners have been significantly disrupted.

The break-in at UnitedHealth's Change Healthcare unit caused disruption across the US and has been the object of ongoing speculation online. Last week, Blackcat claimed that it had stolen millions of sensitive records in the hack, then swiftly deleted the post without explanation.

The forum post, dated March 3, stated that a partner of Blackcat was responsible for the UnitedHealth breach. The message was allegedly from the partner and included a link showing that someone had moved about 350 bitcoins - with a current value of around $23 million as the value of the cryptocurrency rises - from one digital currency wallet to another.

Details of the owner or owners of the respective wallets are not publicly available but blockchain analysis firm TRM Labs said the destination of the funds was "associated with AlphV," also known as Blackcat. The firm added that it had seen the same address used to collect ransom payments from other AlphV victims.

When questioned whether it had paid the ransom, UnitedHealth said only that it was "focused on the investigation and the recovery."

According to Reuters, Blackcat has not responded to repeated messages sent over several days and the news agency could not immediately determine how to reach the purported partner hacker group or to access the cybercrime forum where the post was made. It was able to view screenshots taken independently by two researchers, including Recorded Future's Dmitry Smilyanets.

The ripple effect of the ransomware attack has continued to spread across the US medical system as Change Healthcare's billing services reportedly remain paralysed. On March 5, the American Medical Association asked the Biden administration to make emergency funds available to physicians impacted by the outage.


Source: Reuters

(Links and quote via original reporting)
