The US government is advertising a major multimillion-dollar reward for information on the hackers that took down UnitedHealth earlier this year.
The US State Department said last week that it was offering up to US$10 million for information on the ALPHV (also known as BlackCat) ransomware gang, which was responsible for the attack on UnitedHealth subsidiary Change Healthcare.
The reward is specifically aimed at those who are able to provide “information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA)”, according to a State Department press release.
The reward adds fuel to the theory that the ALPHV affiliate behind the Change Healthcare attack was indeed a state-sponsored threat actor.
Prior to this, UnitedHealth first identified the hacker behind the attack as being a state-sponsored actor before ALPHV demanded credit for the breach. Additionally, Menlo Security said it has discovered evidence that the responsible affiliate “Notchy” has ties to the Chinese government.
“The team has uncovered evidence that points to Notchy possibly being tied to China and this being a state-sponsored attack, and that Notchy possibly used SmartScreen Killer and/or the latest version of Cobalt Strike in their attack against Change Healthcare,” it said.
The US State Department’s search for ALPHV may prove to be a difficult task, as the threat group called it quits following the Change Healthcare attack.
After UnitedHealth paid US$22 million in ransom, ALPHV pocketed the money and went dark, leaving Notchy without its share.
The group claimed that it was taken down by law enforcement agencies once again, displaying a takedown banner on its dark web leak site. However, law enforcement agencies quickly confirmed they were not involved, as others pointed out that the takedown banner was an image saved from when the group was hit by law enforcement last year.
As large as the State Department's reward is, the costs continue to rise for UnitedHealth, which said it has advanced over US$3.3 billion in loans to assist care providers affected by the cyber attack, which delayed insurance claims processing.
Over 40 per cent of the loans have been given to federally qualified health centres and hospitals dealing with high-risk patients.
Smaller medical institutions, which have been hit even harder by the breach, are not getting the same assistance from UnitedHealth but are receiving government assistance, with some weighing up whether to halt treatments or halt payments to staff.