Is the BlackCat/AlphV ransomware gang self-destructing?

March 4, 2024

1 min.

The ongoing saga of the BlackCat/AlphV ransomware gang continues, with a news report that the crew has shut down its servers after a controversial hack of an American healthcare services provider.

Bleeping Computer says the gang’s data leak blog shut on Friday and the sites it uses to negotiate ransom payments closed today.

This comes after

— a gang affiliate last month was allegedly paid US$22 million after its data theft and ransomware attack disrupted the services of Change Healthcare, which provides a range of services to hospitals and clinics including processing pharmacy prescriptions and healthcare payments;

— on the heels of that incident, the BlackCat/AlphV operators reportedly plucked that payment back from the affiliate’s digital wallet before shutting down operations.

Got it?

Bleeping Computer says it’s unclear whether the closure is an exit scam or an attempt to rebrand the gang under a different name. BlackCat, the news service points out, is a rebrand of the DarkSide ransomware operation.

All this comes after American cyber authorities in December seized several of the group’s data leak and communications sites and published a decrypter that victim organizations can use to get access back to scrambled data.

It isn’t unknown why BlackCat/AlphV operators struck at one of its partners. Because of the December hit, the gang said it removed all of its rules forbidding affiliates allowed to use its ransomware to attack critical infrastructure like the healthcare sector.

In fact, the attack on Change Healthcare appeared to be a sign that BlackCat/AlphV had bounced back from the December blow.

Rick Pollack, CEO of the American Hospitals Association, called it “the most serious incident of its kind levelled against an U.S. healthcare organization.” According to Change Healthcare, he noted, the company processes 15 billion healthcare transactions annually and touches one in every three American patient records.

The incident is serious enough that, according to Politico, the White House’s National Security Council started looking into ways to provide short-term financial relief to U.S. hospitals. Arguably, attention from the White House is not what a ransomware gang wants.

The post Is the BlackCat/AlphV ransomware gang self-destructing? first appeared on IT World Canada.

Howard Solomon https://www.itworldcanada.com

Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways

Subscribe Now

Cyber Security Today, May 10, 2024 – Patches for F5’s Next Central Manager released, Dell discovers data theft covering millions, and more

Cyber Security Today, May 8, 2024 – The alleged LockBit ransomware leader is identified, and the gang makes false claims of new victims

Microsoft Ties Executive Pay to Security Performance to Boost Cybersecurity Focus

Cyber Security Today, May 6, 2024 – Ransomware gang claims responsibility for attacking Italian healthcare service, Russian gang blamed for attacks in Europe, and...

Microsoft reveals critical security flaw affecting Android apps

Google Play introduces new biometric verification with a user warning

Early adopters returning Apple Vision Pro headsets

Apple Vision Pro turning up in unusual and unsafe usage

Elon Musk’s Neural Link has issues in human trials. Hashtag Trending for Friday, May 10, 2024

Elon Musk’s Neuralink has issues with first human implant

Google’s Deep Mind potential for groundbreaking advancements in medicine and agriculture

Loss of Taiwan chip facilities would be “catastrophic” for US economy: US Secretary of State.