"Second Ransomware Group Extorting Change Healthcare"

It has recently been revealed that, one month after paying cybercriminals to prevent the public release of data stolen in a February 2024 ransomware attack, Change Healthcare is being extorted again by a different cybercrime group. Change Healthcare, a subsidiary of health insurance and services company UnitedHealth Group, processes billions of healthcare transactions each year, and the ransomware attack crippled the healthcare system throughout the US. In late February, roughly one week after the incident occurred, the Alphv/BlackCat ransomware gang claimed responsibility for disrupting Change Healthcare’s operations and for stealing over 4TB of data, including personal information, payment details, insurance records, and other types of sensitive information. A week later, the ransomware group announced that the FBI had raided them and that they were closing shop for good. Researchers noted, however, that the move was likely an exit scam, as the BlackCat operators were unwilling to share a $22 million ransom payment that UnitedHealth Group apparently made just the day before. Now, one month after BlackCat’s exit scam, a RaaS group named RansomHub has Change Healthcare listed on its leak site, claiming to be in possession of the 4TB of stolen data and threatening to make it public unless a ransom is paid. The RansomHub group’s administrators told the research and threat intelligence project Vx-Underground that former BlackCat affiliates are actively joining their operation, which explains how they came by the Change Healthcare data.

 

SecurityWeek reports: "Second Ransomware Group Extorting Change Healthcare"

Submitted by Adam Ekwall on