Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama

ALPHV/BlackCat, the gang behind the Change Healthcare cyberattack, has received more than $22 million in Bitcoin in what might be a ransomware payment. Dmitry Smilyanets, an intelligence analyst at infosec outfit Recorded Future, spotted a Bitcoin wallet believed to be linked to ALPHV received 350 Bitcoins, right now worth at …

  1. Anonymous Coward

    $22 million will buy Putin plenty more bombs and missiles to use against the Ukraine. All courtesy of a health insurer that can't get their shit together.

    1. elip

      Not quite: Change Healthcare is not a health insurer. The health insurer that owns them as of a couple of years ago, actually has its shit together with regards to security and network design. Change Healthcare itself is a Healthcare Tech services provider...the techies that should've known better, didn't. The whole place is a shitshow, but for sure their systems are a mess.

      1. Anonymous Coward

        I'm with op on this one. When you buy something, you own it. When we did a funding round, the partners went over us with a fine-toothed comb. UHC has a due diligence requirement to do the same & more for an acquisition. And also to do a post-acquisition exam & fix what's broken. I can assure you, they did not. Even the most cursory exam of Change Healthcare's systems would show woefully inadequate security.

        This is ALL on UHC proper at this point.

    2. David Hicklin Bronze badge

      > $22 million will buy Putin plenty more bombs and missiles to use against the Ukraine

      That is assuming they can change it into equiv $$$ or find someone who takes bitcoin in payment...

  2. Doctor Syntax Silver badge

    So the data is in the hands of the crooks who exfiltrated it and are now miffed that they didn't get paid. It raises the question of just what UnitedHealth Group got for its (alleged) ransom payment.

    1. Michael Wojcik Silver badge

      It's also possible the affiliate did get paid but is pulling some other sort of scam, or that a third party drained the wallet. Malware providers and users often have terrible OPSEC, and malware itself is often poorly written and full of vulnerabilities, as documented by "malvuln" on Full Disclosure.

      You might think that for large cryptocurrency transactions users would use a fresh wallet and take it offline immediately after the transaction is complete, but (as anyone who reads Molly White's site knows) that's generally not the case. Things people wouldn't do with one-thousandth as much in cash they'll happily do with cryptocurrency. It's like even the trufans don't really believe cryptocurrency is money.

  3. 2Blockchainz

    Three parties

    1) the malware devs

    2) the affiliate distribution team

    3) the US healthcare system, including CVS

    It's hard to tell who is the "good guy" here.
