Get all your news in one place.

100’s of premium titles.
One app.

Get all your news in one place.

100’s of premium titles. One news app.

TechRadar

Sead Fadilpašić

BlackCat ransomware gang shuts down servers after multi-million dollar UnitedHealth payout — but is this really the end?

BlackCat (Organization) Change Healthcare Optum ALPHV BleepingComputer

ID theft.

The notorious BlackCat ransomware operator (also known as ALPHV) has apparentlly shut down its entire infrastructure, including servers, and websites.

The circumstances leading up to the decision are unclear, but some things point to a possible exit scam.

Over the weekend, the group shut down its negotiation sites and posted a message on the Tox messaging platform, reading “Everything is off, we decide”. Later during the day, the group changed the message to “GG,” short for “good game”. Gamers usually type “GG” when they concede and decide to quit the game.

Ransomware as a service?

While the group gave no explanation for its sudden termination, one of its affiliates claims to know what happened. Picked up by cybersecurity researchers Recorded Future, a message was posted by someone claiming to be a “longtime” BlackCat affiliate, who were also responsible for the attack on Change Healthcare.

The attack, which was reported in late February this year, forced some of Change Healthcare’s services offline, and even affected local pharmacies. The company merged with Optum two years ago, in a $7.8 billion deal. Following the ransomware attack, the affiliate criminals claim, Optum paid $22 million in bitcoin (roughly 350 BTC) for sensitive data not to be released online, and for the group to provide the decryption key.

That’s when ALPHV apparently decided to pull the plug. The operators work a ransomware-as-a-service (RaaS) model, where the affiliates get a cut of the ransom payment, but so do the operators. Apparently, there is no honor among thieves, and ALPHV decided to take the entire prize for itself.

While that certainly sounds plausible, BleepingComputer also speculates that the shutdown could be a part of a rebranding effort. BlackCat has already rebranded once in the past and was, until 2020, known as DarkSide.

The affiliates are now stuck with 4TB of Optum’s “critical data,” including “operation data that will affect all Change Healthcare and Optum clients”.

Via BleepingComputer

More from TechRadar Pro

Change Healthcare hit by major cyberattack — US health tech giant sees website taken offline, login pages unavailable
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Sign up to read this article

Read news from 100’s of titles, curated specifically for you.

Already a member? Sign in here

Top stories on inkl right now

‘Tell them we’re not playing’: inside the USWNT’s fight for equal pay

‘Tell them we’re not playing’: inside the USWNT’s fight for equal pay

In an adapted extract from his book, the former executive director of the USWNTPA details how the 2015 World Cup winning squad used their leverage to drive change

The Guardian - US

'Back to the classroom' for children minister David Johnston for not knowing child allowance figure

'Back to the classroom' for children minister David Johnston for not knowing child allowance figure

He struggled to answer a question over child allowance rates in media interviews to promote Tory plans to extend the child benefit system

Evening Standard

Philippines Accuses Chinese Boats Of 'Dangerous' Actions In High Seas Medivac

Philippines Accuses Chinese Boats Of 'Dangerous' Actions In High Seas Medivac

As two Philippine vessels meet on the high seas to transfer a sick Filipino soldier, China Coast Guard boats shadow, block and bump them, according to video released by the Philippine Coast Guard on Friday.

International Business Times

Porzingis sets the tone as Celtics limit Doncic in stunning NBA finals opener

Porzingis sets the tone as Celtics limit Doncic in stunning NBA finals opener

The Celtics’ itinerant 7ft 2in colossus scored 18 points in the first 13 minutes of his NBA finals debut, sparking Boston to a Game 1 win worthy of these playoffs’ operatic scope

The Guardian - US

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Biden is to meet with Ukraine's Zelenskyy in Paris as Russia leans into its battlefield offensive

Biden is to meet with Ukraine's Zelenskyy in Paris as Russia leans into its battlefield offensive

U.S. President Joe Biden is due to meet with Ukrainian President Volodymyr Zelenskyy in Paris as Kyiv’s army endures its hardest days of fighting since the early weeks of the war with Russia and prepares for what officials say could be a tough summer ahead

The Independent UK

Crack cocaine gang blackmailed boy, 16, and inflicted ‘misery’ on Islington and Camden

Crack cocaine gang blackmailed boy, 16, and inflicted ‘misery’ on Islington and Camden

The teenager was ‘rented out’ to repay a debt, police say

Evening Standard

Related Stories

Top stories on inkl right now

‘Tell them we’re not playing’: inside the USWNT’s fight for equal pay

‘Tell them we’re not playing’: inside the USWNT’s fight for equal pay

In an adapted extract from his book, the former executive director of the USWNTPA details how the 2015 World Cup winning squad used their leverage to drive change

The Guardian - US

'Back to the classroom' for children minister David Johnston for not knowing child allowance figure

'Back to the classroom' for children minister David Johnston for not knowing child allowance figure

He struggled to answer a question over child allowance rates in media interviews to promote Tory plans to extend the child benefit system

Evening Standard

Philippines Accuses Chinese Boats Of 'Dangerous' Actions In High Seas Medivac

Philippines Accuses Chinese Boats Of 'Dangerous' Actions In High Seas Medivac

As two Philippine vessels meet on the high seas to transfer a sick Filipino soldier, China Coast Guard boats shadow, block and bump them, according to video released by the Philippine Coast Guard on Friday.

International Business Times

Porzingis sets the tone as Celtics limit Doncic in stunning NBA finals opener

Porzingis sets the tone as Celtics limit Doncic in stunning NBA finals opener

The Celtics’ itinerant 7ft 2in colossus scored 18 points in the first 13 minutes of his NBA finals debut, sparking Boston to a Game 1 win worthy of these playoffs’ operatic scope

The Guardian - US

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Biden is to meet with Ukraine's Zelenskyy in Paris as Russia leans into its battlefield offensive

Biden is to meet with Ukraine's Zelenskyy in Paris as Russia leans into its battlefield offensive

U.S. President Joe Biden is due to meet with Ukrainian President Volodymyr Zelenskyy in Paris as Kyiv’s army endures its hardest days of fighting since the early weeks of the war with Russia and prepares for what officials say could be a tough summer ahead

The Independent UK

Crack cocaine gang blackmailed boy, 16, and inflicted ‘misery’ on Islington and Camden

Crack cocaine gang blackmailed boy, 16, and inflicted ‘misery’ on Islington and Camden

The teenager was ‘rented out’ to repay a debt, police say

Evening Standard

Our Picks

Becoming Karl Lagerfeld review – an absolute feast for the eyes

Gorgeous gowns, extravagant chateaus, beautiful period styling: this biopic of one of fashion’s most distinctive icons is a visual feast. Even if it is a fairly slight portrait

The Guardian - UK

A man named Acid Fartz has been banned from The Sphere in Las Vegas after lighting up a bong during a Phish show

The ban has ruined a planned trip to Sin City to watch Dead & Company

Detroit's Musical Icons Shine At Michigan Central Station Reopening

Iconic musical talents shine at Detroit concert celebrating the city's revival at Michigan Central Station.

Diana Ross, Eminem and Jack White perform for thousands as former Detroit eyesore returns to life

Some of Detroit’s greatest musical exports performed at a concert celebrating the historic reopening of an 18-story structure that long had symbolized their hometown’s decline

The Independent UK

Tig Notaro’s twin sons didn’t realize their mothers are gay

‘I was so stunned because we’ve lived together almost eight years, and I’ve been gay the whole time,’ Notaro jokes

The Independent UK

Francis Ford Coppola denies inappropriate behavior on Megalopolis set: ‘I’m not touchy-feely’

Reports had suggested the veteran director tried ‘to kiss some of the topless and scantily-clad female extras’

The Independent UK

Fourteen days free

Download the app

One app. One membership.
100+ trusted global sources.

Download on the AppStore

Get it on Google Play