Change Healthcare Faces Aggravating Ransomware Consequences
Change Healthcare has long been entangled in a chaotic ransomware crisis that has adversely affected numerous pharmacies and medical facilities across the United States, leaving them unable to process essential claims. The situation has recently taken a turn for the worse due to an internal disagreement within the ransomware criminal community.
Shift in Ransomware Dynamics
In March, AlphV, the ransomware group that allegedly encrypted Change Healthcare’s network, threatened to expose vast volumes of the company’s confidential healthcare data. A $22 million payment was seemingly made to AlphV, as evidenced on Bitcoin’s blockchain, indicating compliance with the ransom demands, although the company has refrained from confirming the transaction. Now a fresh and distressing narrative has emerged: a distinct ransomware faction declares possession of Change Healthcare’s pilfered information and demands a ransom for its release.
New Ransomware Stakeholders
Enter RansomHub, a recent entrant into the ransomware sphere, which has asserted control over 4 terabytes of data extracted from Change Healthcare’s databases. In an ultimatum published on the dark web, RansomHub threatens to auction off the compromised data to the highest bidder unless an undisclosed sum is remitted by Change Healthcare. Notably, RansomHub has disassociated itself from AlphV and refrains from divulging specific ransom figures.
Initially evasive, RansomHub declined to furnish verifiable proof of its data stockpile. Subsequently, however, it shared several screenshots with WIRED, showing patient records and contractual agreements involving United Healthcare, the parent company of Change Healthcare. Though confirmation of RansomHub’s claims remains pending, the exhibited samples lend a tangible degree of credibility to its extortion plot.
Expert Insights
Ransomware analyst Brett Callow expressed skepticism regarding AlphV’s initial refusal to leak data, casting uncertainty on the origins of RansomHub’s purported information. Nevertheless, security expert Jon DiMaggio affirms the authenticity of RansomHub’s assertions after his scrutiny of the data snippets. Highlighting RansomHub’s emergent prominence in the ransomware realm, DiMaggio indicates apparent validity in their claims, underscoring the escalating threat posed by this new group.
If validated, RansomHub’s actions serve as a stark reminder of the peril inherent in acceding to ransomware demands. Change Healthcare’s plight underscores the hazards of placing trust in ransomware syndicates, exemplified by AlphV’s vanishing act subsequent to a sizeable ransom payout earlier this year. The repercussions of these decisions echo cautionary lessons in navigating the treacherous landscape of cyber extortion.