UnitedHealth Allegedly Pays $22M to Ransomware Gang

UnitedHealth Group has reportedly paid a ransom of $22 million to the ALPHV/Blackcat ransomware gang to regain access to data and systems encrypted during a cyberattack on its subsidiary, Change Healthcare. The payment was disclosed through a post on a Russian cybercriminal forum by an affiliate of the gang. If true, it would be one of the largest sums of money that’s ever been extorted by a ransomware gang.

According to The Wired, the affiliate's post claimed that UnitedHealth Group's subsidiary Optum paid the sum to prevent data leakage and secure a decryption key. This claim was substantiated by a link to a transaction showing the receipt of 350 bitcoins, equivalent to the ransom amount in USD.

The forum post also revealed internal disputes within the ransomware gang, with the affiliate member alleging they were swindled out of their share of the ransom. "Be careful everyone and stop dealing with ALPHV," the affiliate member warned, indicating a betrayal by the group.

Reuters reported that the cryptocurrency wallet that received the transaction has been tied to ALPHV by blockchain analysis firm TRM Labs, who noted that they’ve seen that wallet used to collect ransom payments from previous ALPHV victims.

The incident has raised concerns about the increasing focus on the US health sector by ransomware gangs, with the payment potentially emboldening future attacks. The cyberattack on Change Healthcare has been notably disruptive, leading to significant delays in the processing of prescriptions across hospitals and pharmacies nationwide.

In response to the incident, a UnitedHealth Group spokesperson stated that the company remains “focused on the investigation and recovery of our operations.” With no guarantee that any of the stolen data will be erased, $22 million would rank among the largest known ransomware payments if it turns out to be true. The current record holder is a $40 million payout made by CNA Financial back in 2021.

This ransomware attack is not the first of its kind involving the Blackcat gang, who are known for its disruptive cyberattacks for several years now. Previous incidents targeting data storage giant Western Digital and Fidelity National Financial have made this hacker gang a notorious name. Despite recent attempts by federal agencies to take down large cybercrime gangs, the menace of ransomware continues to haunt the corporate world.