March 4, 2024 at 12:48PM
The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that it scammed an affiliate out of $22 million for an attack on Optum through the Change Healthcare platform. It is unclear if this is an exit scam or a rebranding attempt. The gang has a history of rebranding, with previous iterations including DarkSide and BlackMatter.
The shutdown, which follows claims of a scam involving a $22 million ransom from Optum, also covers the gang’s negotiation sites and ransomware operations, leading to speculation about whether this is an exit scam or a rebranding effort. The situation has raised concerns about the potential impact on Change Healthcare, a payment exchange platform that connects various stakeholders within the U.S. healthcare system.
The alleged scam involves an affiliate responsible for the attack on Optum, who claims that ALPHV banned them from the operation and stole the $22 million ransom allegedly paid by Optum for the Change Healthcare attack. This affiliate asserts that they still possess critical data from Optum, including information from numerous insurance companies and service providers.
There are indications that the recent developments could be linked to an exit scam, where the ransomware gang steals cryptocurrency from its affiliates before shutting down operations. This pattern of behavior is consistent with the gang’s history of rebranding and resuming operations under new names following disruptions and law enforcement pressure.
The gang has transformed before, from DarkSide to BlackMatter and eventually to ALPHV/BlackCat. The FBI had previously breached the gang’s servers, monitored its activity, and obtained private decryption keys to help over 400 victims recover their data without paying a ransom.
In conclusion, the actions of the ALPHV/BlackCat ransomware gang, including the shutdown of servers and the alleged scam involving the $22 million ransom, underscore the ongoing challenges posed by ransomware operations and their potential impact on organizations such as Change Healthcare and its affiliated entities. The situation warrants continued monitoring and proactive measures to address potential cybersecurity threats and data breaches.