Cyber gang BlackCat, also known as ALPHV and Noberus, has allegedly scammed its own affiliates, making off with millions in Bitcoin after targeting the U.S. healthcare system. This incident sheds light on the precarious nature of cybercriminal alliances and underscores the importance of enhanced cybersecurity measures within the healthcare sector.
BlackCat’s Operation and the Change Healthcare Attack
An address linked to the ransomware gang received approximately $22 million in Bitcoin on March 1, following a late February attack on United Healthcare’s Change Healthcare, a tech firm that is a critical service provider to hospitals and clinics across the United States. However, the situation took a dramatic turn when, just two days later, the address received over 1,000 BTC and was promptly drained.
Allegations of Deception
An individual operating under the pseudonym “notchy,” who claimed to be an affiliate of BlackCat, alleged in a cybercriminal forum post that the gang had not distributed the promised shares from the ransom. This claim suggests a significant breach of trust within the cybercriminal community, potentially leading to instability and retaliatory actions.
The Fallout and Ongoing Threat
Despite the apparent exit scam, affiliates who participated in the attack on Change Healthcare reportedly still possess sensitive data from the breach. The compromised data therefore remains an ongoing risk, potentially affecting numerous healthcare providers connected to Change Healthcare.
BlackCat’s History and Law Enforcement Response
Since its inception in late 2021, BlackCat has targeted a variety of organizations worldwide, including a notable attack on Reddit in 2023. The group’s operations were significantly disrupted in December 2023 when the FBI shut down its website, seized associated domains, and released a decryption tool to aid affected entities. Additionally, the U.S. Department of State has recently announced substantial rewards for information leading to the capture or identification of key BlackCat members, signaling a concerted effort to combat the group’s activities.
Conclusion
The BlackCat saga is a stark reminder of the intricate and often perilous world of cybercrime. As cybersecurity threats continue to evolve, both public and private sectors must remain vigilant and collaborate closely to protect sensitive information and infrastructure from such malicious actors.