Change Healthcare, a subsidiary of UnitedHealth Group, has been facing renewed extortion from cybercriminals just a month after paying a ransom to prevent the release of data stolen in a February 2024 ransomware attack.
The attack, orchestrated by the ALPHV/BlackCat ransomware gang, severely disrupted healthcare operations across the US, compromising over 4TB of sensitive data, including personal and financial records.
Following the attack, the BlackCat group claimed responsibility but later announced their closure after being raided by the FBI. However, suspicions arose when they failed to share a $22 million ransom payment reportedly made by UnitedHealth Group.
Now, a new ransomware group, RansomHub, has surfaced, threatening to expose the stolen data unless another ransom is paid.
RansomHub, which emerged in February 2024, boasts former BlackCat affiliates among its ranks, potentially explaining how they acquired Change Healthcare's data.
According to a dark web blog post discovered by cybersecurity analyst Dominic Alvieri on Monday, RansomHub operates on a ransomware-as-a-service model.
The group also allows affiliates to retain 90% of ransom proceeds, addressing concerns raised by BlackCat's exit scam.
While speculation surrounds RansomHub's connection to BlackCat, SOCRadar suggests they may be distinct entities, with RansomHub's emergence predating the exit scam.
Regardless, the resurgence of extortion highlights the risks faced by ransomware victims.
The double-extortion attempt comes weeks after sensitive Swiss federal government data was leaked by the Play ransomware group.
This article was published on www.infosecurity-magazine.com. Publication date: Tue, 09 Apr 2024 15:30:19 +0000