Former ALPHV affiliate accuses the group of fraud

Teacher
What about the criminal code? Does it mean nothing to ransomware?

ALPHV/BlackCat, a group of cybercriminals known for their ransomware attacks, suddenly stopped their activities, which caused a lot of speculation online. The events unfolded after the group's representatives were accused of fraud against the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform.

The BlackCat data leak blog suddenly became unavailable starting on March 1, while both ransom negotiation sites continued to operate over the weekend. However, it was later confirmed that the negotiation sites also stopped working.

On the Tox messaging platform, which was used by the cybercriminals, a short message appeared: "Everything is turned off, we decide". It is not completely clear what exactly the group's representatives decided, whether it was some kind of technical failure or a deliberate shutdown of the infrastructure.

Change Healthcare is a payment exchange platform connecting doctors, pharmacies, health care providers, and patients in the U.S. healthcare system; the hack of its operator was previously attributed to ALPHV.

Optum, a company directly linked to Change Healthcare, allegedly paid a $22 million ransom regarding the distribution of the stolen data and to obtain a decryptor, but despite the successful attack, the ALPHV/BlackCat group excluded the affiliate from the operation and appropriated the entire ransom for itself.

The affected affiliate even published a separate message on the underground Ramp forum, where he described the above series of events in detail, noting also that he had worked with the ALPHV group for a long time, but after such a dastardly move on their part, he called on other hackers not to cooperate with it, because of the real risk of "being thrown", despite clear performance of their duties as affiliates.

Large cybercrime operations such as ALPHV or LockBit continue to exist and do not slow down the pace of attacks largely thanks to the large number of affiliates who themselves carry out attacks on behalf of the parent group (which provides proprietary tools); the resulting ransom is then divided between the affiliates and management.

The alleged ALPHV affiliate, who goes by the nickname "notchy", also claims that he still has 4 TB of Optum's "critical data", which he describes as "production data that will affect all Change Healthcare and Optum customers," possibly hinting that he may leak this data, irrevocably tarnishing ALPHV's reputation as a ransomware group, if the payment issue is not resolved.

ALPHV / BlackCat, which began operating in 2020 under the name DarkSide, has experienced several restarts and has been known for attacks on critical infrastructure, including the attack on the Colonial Pipeline, which led to panic and a shortage of gasoline in the United States.

After a series of law enforcement operations against it, the group has repeatedly changed its names and tactics. Who knows, maybe this situation will also lead to a restart of the group.