March 6, 2024 at 06:54AM
The Alphv/BlackCat gang has announced the shutdown of its ransomware operation and the sale of its source code. This follows a dispute over a $22 million ransom payment from Change Healthcare, with an affiliate claiming the gang refused to share the fee, prompting suspicions of an exit scam. The incident underscores the risks of dealing with ransomware groups and the importance of data security measures.
Based on the meeting notes, it seems that the Alphv/BlackCat gang has announced the shutdown of its ransomware operation and has apparently found a buyer for the malware’s source code. The announcement comes after a law enforcement takedown effort forced the gang to move to new infrastructure.
Cybersecurity experts believe that BlackCat’s shutdown may be an exit scam, triggered by the gang leaders’ reluctance to share a $22 million ransom payment with their affiliates. The payment is suspected to have come from Change Healthcare, the victim of a cyberattack perpetrated by BlackCat on February 21.
Affiliates in RaaS operations are typically responsible for intrusion into victim networks and receive a percentage of the ransom as a fee. BlackCat initially boosted the affiliate fees to 90% after the law enforcement takedown but allegedly failed to honor their promise. An affiliate claims to possess terabytes of data stolen from Change Healthcare and accuses BlackCat of scamming them.
Following the shutdown announcement, a BlackCat representative blamed law enforcement and displayed an alleged takedown notice on the group’s leak sites. However, cybersecurity expert Fabian Wosar disputes the claim, suggesting that the notice is a coverup.
The potential consequences of BlackCat’s actions include the leakage or sale of allegedly stolen data, as well as potential demands for additional ransom payments. Cybersecurity experts stress the importance of organizations investing in data security tools and not succumbing to extortion attempts.
There are doubts about BlackCat’s true intentions, with suggestions that the gang may be attempting to extort more money from Change Healthcare. The situation presents significant risks, especially considering the substantial sums of money involved.
Additionally, the US government has offered a $10 million reward for information on the leaders of the BlackCat ransomware group, and a recent ransomware attack on LoanDepot exposed data from 16.9 million individuals.
Overall, the meeting notes highlight the complex and high-stakes nature of ransomware operations and the importance of robust cybersecurity measures for organizations.