A hacker forum post claimed that UnitedHealth paid a $22 million ransom to recover the data.
By Reuters
© Reuters. FILE PHOTO: UnitedHealth Group’s corporate logo appears on the side of one of its office buildings in Santa Ana, California, USA, April 13, 2020. REUTERS/Mike Blake/File Photo
Raphael Satter
WASHINGTON (Reuters) – UnitedHealth Group is seeking to recover access to data and systems encrypted by the “Blackcat” ransomware gang, according to two researchers, according to a post on a hacker forum popular with cybercriminals. He claimed to have paid $10,000.
Neither UnitedHealth nor the hackers involved have commented on the alleged ransom payment, but on Monday a cryptocurrency tracking company partially corroborated the claims.
It’s not uncommon for large companies hit by ransomware groups to decide to pay hackers to regain control of their networks, especially if it causes significant disruption to customers and partners.
A forum post published Sunday said Blackcat’s partners were responsible for the intrusion into UnitedHealth. The message sent by the partner included a link showing that someone had moved about 350 bitcoins, worth about $23 million, from one digital currency wallet to another as the value of the cryptocurrency rose.
The owners of each wallet cannot be publicly identified, but blockchain analytics firm TRM Labs said the destination of the funds was “linked to AlphV,” also known as Blackcat, and that it had seen addresses used to collect ransom money from other AlphV victims.
When asked whether the ransom was paid, UnitedHealth said only that it was “focused on the investigation and recovery.”
Blackcat did not respond to repeated messages from Reuters for several days. Reuters was able to view screenshots taken independently by two researchers, including Recorded Future’s Dmitry Smilyanets, but could not immediately determine how they accessed the purported partner hacker group or the cybercrime forum where the posts were made.
The break-in at UnitedHealth’s Change Healthcare unit, which sparked chaos across the United States, was the subject of an online conspiracy. Blackcat claimed last week that it had stolen millions of sensitive records in a hack but quickly deleted the posts without any explanation.
Meanwhile, the pain continued to spread throughout the U.S. health care system as Change Healthcare’s billing services remained paralyzed. The American Medical Association on Monday called on the Biden administration to provide emergency funding to doctors affected by power outages.