Ransomware gang BlackCat exit scams affiliates with millions in Bitcoin after attacking medical IT firm | #ransomware | #cybercrime

Cyber gang BlackCat allegedly scammed its own affiliates as the group went dark shortly after it disrupted the U.S. healthcare system.

An address associated with the ransomware gang BlackCat, also known as ALPHV and Noberus, received approximately $22 million worth of Bitcoin (BTC) on Mar. 1 following a late February attack on United Healthcare’s Change Healthcare, a tech firm providing services to hospitals and clinics.

However, a twist emerged two days later when the address received over 1,000 BTC and promptly emptied the wallet. Subsequently, an individual named “notchy,” claiming to be an affiliate of BlackCat, alleged in a post on a cybercriminal underground forum that the gang had deceived its affiliates as it didn’t pay them their share for executing the attack, according to a copy of the message shared on X by Dmitry Smilyanets, Recorded Future’s product management director.

The affiliate further disclosed that the attack on Change Healthcare’s network had granted access to the data of numerous other healthcare firms partnered with the medical IT provider. In a statement to Wired, Smilyanets confirmed that the affiliates “still have this data, and they’re mad they didn’t receive this money.”

Both Recorded Future and TRM Labs, a blockchain analysis firm, have reportedly identified the Bitcoin address that received nearly $100 million in Bitcoin as linked to the BlackCat hackers. According to MistTrack, all the BTC allegedly connected to illicit activity has been transferred to eight different addresses and remains unspent thus far.

Established in late 2021, BlackCat operated on a ransomware-as-a-service model, providing affiliates with malware and taking a percentage of ransom payments. Having targeted numerous companies worldwide, including Reddit in 2023, the gang’s website was shut down by the FBI in December 2023, resulting in the seizure of multiple websites and the release of a decryption tool.

However, in February 2024, the U.S. Department of State annoucned a reward offering of up to $10 million for information leading to the identification or location of individuals holding key leadership positions within the BlackCat group and up to $5 million for information leading to the arrest or conviction of anyone involved in the group.

Follow Us on Google News

Source link


National Cyber Security