ALPHV/BlackCat’s ransom laundering escalates


CyberScoop reports that the ALPHV/BlackCat ransomware operation has ramped up efforts to launder proceeds from ransomware attacks, including the $22 million ransom reportedly provided by UnitedHealth Group following an intrusion against its payment processing subsidiary Change Healthcare in February.

Money laundering efforts by the ransomware group have particularly escalated during the last week of March, with nearly $3.5 million worth of bitcoin from the group's cryptocurrency wallets transferred to a mixing service on March 27, a report from TRM Labs showed. ALPHV/BlackCat-linked cryptocurrency wallets were also discovered to have made several withdrawals from March 22 to 27 that were delivered to a global exchange, said TRM Labs Global Head of Policy Ari Redbord.

Such a development comes after ALPHV/BlackCat affiliate "notchy" claimed that it was not given a share of the ransom by the ransomware gang, which chose to dismantle itself through a fake law enforcement takedown. While data stolen from Change Healthcare has yet to be offered for sale by attackers, such information could eventually be leveraged to compromise other networks, noted Intel471 Vice President of Intelligence Operations Garrett Carstens.
