The U.S. government has announced that it will extend its bounty for information on key leaders of the ALPHV/BlackCat cybercriminal organization to cover the gang's affiliated members, one of which was credited with a massive ransomware attack against a U.S. medical technology giant last month.
In a statement Wednesday, the U.S. State Department said it would offer a reward of up to $10 million for information identifying or locating anyone associated with ALPHV/BlackCat, including “its persons, activities, or relationships with foreign governments.”
Russia-based ALPHV/BlackCat is a ransomware-as-a-service operation that recruits affiliates (de facto contractors who earn a fee to launch ransomware attacks) and receives a portion of the ransoms paid by victims. Although security researchers have not yet established any links between ALPHV/BlackCat and foreign governments, the State Department's statement hinted at the possibility that the gang “acts under the direction or control of foreign governments,” including Russia.
The State Department has accused the prolific ransomware group of targeting critical infrastructure in the United States, including health services.
Last month, a group affiliated with the ALPHV/BlackCat gang took responsibility for a cyberattack on Change Healthcare, and the weeks-long outage that followed. Change Healthcare is a U.S. health tech giant that processes the medical records of about one in three U.S. patients. The cyberattack cut off access to much of the U.S. health care system's patient records and billing information, causing a massive outage that delayed medication and prescription fulfillment and surgery approvals for weeks.
This affiliated group went public after accusing the main ALPHV/BlackCat gang of defrauding the contracted hackers of $22 million in ransom allegedly paid by Change Healthcare to prevent a mass leak of patient records.
The group said ALPHV/BlackCat carried out an “exit scam,” in which the hackers fled with the proceeds in order to avoid paying affiliates and keep the funds for themselves.
The affiliated group claimed that despite losing its share of the ransom, it still had access to large amounts of confidential patient data that had been stolen.
Change Healthcare has since announced that it has removed the hackers from its network and restored many of its systems. Change Healthcare's parent company, UnitedHealth Group, has not yet confirmed whether patient data was stolen.