ALPHV/BlackCat infrastructure shut down as ransom theft allegations surface

BleepingComputer reports that the ALPHV/BlackCat ransomware operation had its servers and negotiation sites dismantled amid accusations from an affiliate behind the Change Healthcare attack claiming the ransomware gang's theft of $22 million allegedly paid by Optum, which manages the major healthcare revenue and payment cycle management provider's breached platform.

Despite having their account suspended by ALPHV/BlackCat, the affiliate, which goes by the username "notchy", alleged having 4TB of critical information from Optum, including data from various insurance firms and service providers. Such claims have been supported by notchy with a cryptocurrency payment address with an incoming payment of more than $23 million worth of bitcoin. UnitedHealthcare, which is the parent firm of both Optum and Change Healthcare, neither confirmed nor denied providing the ransom demanded by ALPHV/BlackCat, instead emphasizing its ongoing investigation into the incident. However, the ongoing affiliate drama may indicate yet another rebranding for ALPHV/BlackCat, which was once known as BlackMatter and DarkSide.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.