Hacker forum post claims UnitedHealth paid $22 million ransom in bid to recover data


FILE PHOTO: The corporate logo of the UnitedHealth Group appears on the side of one of their office buildings in Santa Ana, California, U.S., April 13, 2020. REUTERS/Mike Blake/File Photo

WASHINGTON (Reuters) - A post on a hacker forum popular with cybercriminals has claimed UnitedHealth Group paid $22 million in a bid to recover access to data and systems encrypted by the "Blackcat" ransomware gang, according to two researchers.

Neither UnitedHealth nor the hackers involved have commented on the alleged ransom payment, but a cryptocurrency tracing firm partially corroborated the claim on Monday.

It is not uncommon for large companies that have been victimized by ransomware gangs to decide to pay the hackers to regain control of their networks, especially in instances where a significant disruption to customers and partners occurred.

The forum post, dated Sunday, said a partner of Blackcat was responsible for the intrusion into UnitedHealth. The message, allegedly from the partner, included a link showing that someone had moved about 350 bitcoins, now worth about $23 million as the value of the cryptocurrency rises, from one digital currency wallet to another.

The owner or owners of the respective wallets is not publicly available, but blockchain analysis firm TRM Labs said the destination of the funds was "associated with AlphV," also known as Blackcat, noting it had seen that address used to collect ransom payments from other AlphV victims.

Asked whether it had paid the ransom, UnitedHealth said only that it was "focused on the investigation and the recovery."

Blackcat has not responded to repeated messages from Reuters sent over several days. Reuters could not immediately determine how to reach the purported partner hacker group or to access the cybercrime forum where the post was made, although it was able to view screenshots taken independently by two researchers, including Recorded Future's Dmitry Smilyanets.

The break-in at UnitedHealth's Change Healthcare unit, which has sparked disruption across the United States, has been the object of online intrigue. Blackcat claimed last week that it had stolen millions of sensitive records in the hack, only to quickly delete its post without explanation.

Meanwhile, the pain has continued to spread across the U.S. medical system as Change Healthcare's billing services remain paralyzed. The American Medical Association on Monday asked the Biden administration to make emergency funds available to physicians hurt by the outage.

(Reporting by Raphael Satter and Zeba Siddiqui; Editing by Jamie Freed)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Next In Tech News

Software provider EPAM lifts annual forecasts as IT spending rises
India raids offices of sellers using Amazon, Flipkart platforms, sources say
Arm Holdings shares fall after forecast fails to impress investors
Amazon to invest $1.3 billion in Italy data centre business
Dell opens AI centre in Shenzhen as PC maker shows commitment to China
Corning faces EU probe into smartphone ‘Gorilla Glass’
Tech giants brace�for AI revamp, antitrust pullback in Trump 2.0
UBS pilots blockchain-based payment system
How a viral TikTok video compelled city to replace broken street lamps
Poco launches its C75 smartphone (priced from RM499) and Poco Pad (from RM1,399) in Malaysia

Others Also Read