Compromiseseverity: Critical2024-02-21
Change Healthcare ransomware incident attributed to ALPHV BlackCat
published by Krebs on Security
Actor
Russian-speaking ransomware-as-a-service operation, first observed November 2021, notable as the first prominent ransomware family written in Rust. Operated the affiliate program responsible for the…
Summary
UnitedHealth Group's Change Healthcare subsidiary was crippled by ALPHV BlackCat ransomware after the actors used credentials on a remote-access portal lacking multi-factor authentication. The incident disrupted U.S. healthcare claims and pharmacy processing for weeks and ultimately involved a roughly $22 million ransom payment that the operators kept rather than sharing with the affiliate who conducted the intrusion.
Tags
healthcaresupply-chainextortionmfa
Primary source
krebsonsecurity.comOther ALPHV/BlackCat events
- 2025-11-19Two U.S. cybersecurity workers plead guilty to ALPHV BlackCat affiliate scheme
- 2024-03-05ALPHV BlackCat shuts down in apparent exit scam after Change Healthcare payment
- 2023-12-19FBI-led international operation seizes ALPHV infrastructure and releases decryptor
- 2023-12-19Joint CISA/FBI/HHS advisory AA23-353A on ALPHV BlackCat
- 2021-11-01ALPHV/BlackCat Rust-based RaaS first observed