Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

That affiliate hacker also wrote that in their penetration of Change Healthcare’s network, they had accessed the data of numerous other health care firms partnered with the company. If that claim is accurate, Recorded Future’s Smilyanets points out, it creates the additional risk that the affiliate hacker still possesses sensitive medical information. Even if Change Healthcare did pay AlphV, the hacker affiliate could still demand additional payment or leak the data independently.

“The affiliates still have this data, and they’re mad they didn’t receive this money,” says Smilyanets. “It’s a good lesson for everyone. You cannot trust criminals; their word is worth nothing.”

As ransomware payments go, $22 million would represent a remarkably profitable score for AlphV. Only a relatively small number of ransoms in the history of ransomware, such as the $40 million payment made by the financial firm CNA to the hackers known as Evil Corp, have been so large, says Emsisoft’s Callow. “It’s not without precedent, but it’s certainly very unusual,” he says.

Regardless of whether Change Healthcare is confirmed to have paid that ransom, the attack shows that AlphV has pulled off a disturbing comeback: In December, it was the target of an FBI operation that seized its dark web sites and released decryption keys that foiled its attacks on hundreds of victims. Just two months later, it carried out the cyberattack that paralyzed Change Healthcare, triggering an outage whose effects on pharmacies and their patients have now stretched well beyond a week. As of last Tuesday, AlphV listed 28 companies on the dark web site it uses to extort its victims, not including Change Healthcare.

That site has now gone offline. As of Tuesday morning, it displayed what appeared to be a law enforcement seizure notice, but security researcher Fabian Wosar points out that the notice seems to have been copied from AlphV’s last takedown. The reason for the group’s disappearance—whether due to another law enforcement operation or AlphV’s attempts to dodge its own cheated affiliates—is unclear. Ransomware trackers say AlphV has disappeared and rebranded several times before. Earlier incarnations under the name BlackCat, BlackMatter, and Darkside were all more or less the same group, security researchers note.

In fact, the hackers operating under that Darkside handle were responsible for the 2021 Colonial Pipeline ransomware attack that triggered the shutdown of gas transportation across the Eastern Seaboard of the US and resulted in a brief fuel shortage in some East Coast cities. In that case, too, the victims paid the hackers’ ransom. “It was the hardest decision I’ve made,” Colonial’s CEO Joseph Blount later told a US congressional hearing.

Now, it seems, some of the same hackers may have forced yet another company to make that same hard decision.

Update 3/4/2024, 1:50 pm EST: Included additional contextual details about AlphV and related ransomware attacks.

Updated 3/5/2024, 10:30 am EST to note that AlphV’s dark web site now displays what appears to be a law enforcement takedown message.

The hackers behind the recent Change Healthcare ransomware attack have just received a payment of $22 million in exchange for restoring access to the company’s systems and data. The attack, which occurred last month, caused widespread disruptions to Change Healthcare’s operations and put sensitive patient information at risk.

The ransom payment was made in Bitcoin, a popular cryptocurrency known for its anonymity and lack of regulation. While the exact identity of the hackers remains unknown, cybersecurity experts are working to trace the origins of the attack and prevent similar incidents in the future.

Change Healthcare has stated that they are working closely with law enforcement and cybersecurity experts to investigate the attack and improve their defenses against future threats. They have also notified affected patients and partners about the breach and have taken steps to enhance their security measures.


Ransomware attacks continue to be a significant threat to businesses and organizations around the world. It’s essential for companies to invest in robust cybersecurity measures and employee training to prevent and mitigate the impact of such attacks. As the ransomware landscape evolves, it’s crucial for organizations to stay vigilant and proactive in defending against cyber threats.


Q: How common are ransomware attacks?
A: Ransomware attacks have been on the rise in recent years, with hackers targeting businesses, hospitals, and government agencies to extort money in exchange for restoring access to systems and data.

Q: How can organizations protect themselves from ransomware attacks?
A: Organizations can protect themselves from ransomware attacks by implementing robust cybersecurity measures, including regular data backups, employee training on security best practices, and investing in advanced threat detection technologies.

Q: Should companies pay ransom to hackers?
A: The decision to pay ransom to hackers is complex and controversial. Some experts argue that paying ransom encourages further attacks, while others believe it’s the only way to regain access to critical data and prevent further disruptions to business operations. Ultimately, each organization must weigh the risks and benefits of paying ransom based on its specific circumstances.
