$10 Million Reward Offered by US for Information on Change Healthcare Hackers

The US Department of State recently made headlines by offering a hefty reward of up to $10 million for any valuable information regarding the Alphv/BlackCat ransomware operators and their associates. This move comes in response to the disruptive cyber activities conducted by the ransomware group, which has been active since 2021 and has targeted over 1,000 victims globally, including prominent organizations such as MGM Resorts, NCR, Reddit, Swissport, and Western Digital.

One of the notable incidents attributed to this group is the attack on Change Healthcare in February, which severely impacted the operations of the healthcare transactions processor. Over 100 applications were affected, leading to significant disruptions for over 7,000 pharmacies and hospitals in processing prescriptions.

In December 2023, US law enforcement managed to dismantle BlackCat’s infrastructure, following which they announced the reward offer for information on the key members of the cybergang. However, in response to this takedown, the group removed all restrictions on its affiliates, empowering them to target any type of organization. Change Healthcare became one of the first major victims in the healthcare sector to fall prey to BlackCat's activities.

The renewed reward offer emphasizes the group's involvement in malicious cyber activities against critical infrastructure sectors, both in the US and globally. The Treasury Department highlights the ransomware-as-a-service business model employed by BlackCat, where members develop and distribute the ransomware variant, while affiliates execute the attacks, with profits shared among them.

While the announcement doesn't explicitly mention Change Healthcare, the reference to BlackCat affiliates suggests a connection to the incident involving the healthcare organization. It was reported that an affiliate of the group claimed to have stolen terabytes of data from Change Healthcare, leading to a substantial ransom payment of $22 million. However, the BlackCat operators refused to pay their share of the proceeds, sparking fears of data leaks.

In response to the attack, Change Healthcare's parent company, UnitedHealth, announced the restoration of most systems and services, including the claims network. They enlisted the help of cybersecurity firms to bolster their network security, detect malicious activities, strengthen defenses, and ensure the integrity of redeployed systems.

Overall, the reward offer by the US Department of State underscores the severity of cyber threats posed by ransomware groups like Alphv/BlackCat and the importance of collaboration between law enforcement agencies and the public to combat such criminal activities.