March 5, 2024 at 05:23PM
United Healthcare’s Change Healthcare subsidiary paid $22 million to ransomware attackers, but the move didn’t resolve the cyber incident. There are allegations of the attackers stealing the money and threatening to leak stolen data. The ransomware gang, BlackCat, is speculated to be undergoing an exit strategy, possibly related to Bitcoin value and the conflict in Ukraine.
Based on the meeting notes, it appears that there has been a significant cyber incident involving the Change Healthcare subsidiary of United Healthcare. It seems that after experiencing outages, Change Healthcare decided to pay off the BlackCat/ALPHV ransomware affiliate that breached its systems, but this did not lead to the expected resolution of the situation.
The aftermath of the ransomware attack has been filled with drama, including allegations of the BlackCat admins stealing the ransom payment from Change Healthcare and threats to leak critical data from other partners if they did not receive their share of the payment. Furthermore, there are indications that BlackCat may be initiating an exit scam, potentially rebranding and ceasing its current operations.
The situation has been further complicated by the potential involvement of law enforcement, the high value of Bitcoin, and geopolitical factors such as the situation in Ukraine. The actions and reputation of BlackCat seem to be under scrutiny, with efforts to undermine its standing and potential existential threats to its operational sustainability.
Change Healthcare has stated that they are focused on the investigation, indicating ongoing efforts to address the cyber incident and its aftermath.