Two experts assert that UnitedHealth Group (UNH.N) paid $22 million to regain access to data and systems encrypted by the “Blackcat” ransomware gang. The claim surfaced in a post on a hacker forum widely frequented by cybercriminals.
Neither UnitedHealth nor the hackers involved have responded to questions about the purported ransom payment. However, on Monday, a bitcoin tracing service partially confirmed the story.
Large corporations targeted by ransomware gangs rarely choose to pay hackers to regain control of their networks. This is especially true when there has been a significant disruption to customers and partners.
The forum post, dated Sunday, stated that a Blackcat partner was responsible for the intrusion at UnitedHealth. The partner allegedly sent a message that included a link. The link indicated that someone had transferred approximately 350 bitcoins, currently worth around $23 million as the cryptocurrency’s value climbs, from one digital currency wallet to another.
The owner or owners of the various wallets remain publicly unknown. However, blockchain analysis firm TRM Labs has revealed that the funds’ destination is “associated with AlphV,” also known as Blackcat. TRM Labs has observed the address being used to collect ransom payments from other AlphV victims.
When asked if it had paid the ransom, UnitedHealth simply stated that it was “focused on the investigation and recovery.”
Blackcat has yet to respond to multiple messages Reuters sent over many days. Reuters could not immediately find contact information for the alleged partner hacker group or access the cybercrime site where the post was published. However, the news agency viewed screenshots obtained separately by two researchers, including Dmitry Smilyanets from Recorded Future.
The break-in at UnitedHealth’s Change Healthcare unit, which has caused widespread inconvenience, has piqued online interest. Blackcat claimed last week that it had stolen millions of sensitive records in the hack, but then deleted the post without explanation.
Meanwhile, the suffering has extended throughout the US medical system, with Change Healthcare’s billing services still immobilized. On Monday, the American Medical Association asked the Biden administration to provide emergency funds to physicians affected by the outage.