Get 40% Off
🚀 Our AI Picked 6 Stocks that Jumped +25% in Q1. Which Picks Will Soar in Q2?Unlock full list

Hacker forum post claims UnitedHealth paid $22 million ransom in bid to recover data

Published 03/04/2024, 08:03 PM
Updated 03/05/2024, 02:13 PM
© Reuters. FILE PHOTO: The corporate logo of the UnitedHealth Group appears on the side of one of their office buildings in Santa Ana, California, U.S., April 13, 2020.  REUTERS/Mike Blake/File Photo

By Raphael Satter

WASHINGTON (Reuters) - A post on a hacker forum popular with cybercriminals has claimed UnitedHealth Group (NYSE:UNH) paid $22 million in a bid to recover access to data and systems encrypted by the "Blackcat" ransomware gang, according to two researchers.

Neither UnitedHealth nor the hackers involved have commented on the alleged ransom payment, but a cryptocurrency tracing firm partially corroborated the claim on Monday.

It is not uncommon for large companies that have been victimized by ransomware gangs to decide to pay the hackers to regain control of their networks, especially in instances where a significant disruption to customers and partners occurred.

The forum post, dated Sunday, said a partner of Blackcat was responsible for the intrusion into UnitedHealth. The message, allegedly from the partner, included a link showing that someone had moved about 350 bitcoins, now worth about $23 million as the value of the cryptocurrency rises, from one digital currency wallet to another.

The owner or owners of the respective wallets is not publicly available, but blockchain analysis firm TRM Labs said the destination of the funds was "associated with AlphV," also known as Blackcat, noting it had seen that address used to collect ransom payments from other AlphV victims.

Asked whether it had paid the ransom, UnitedHealth said only that it was "focused on the investigation and the recovery."

Blackcat has not responded to repeated messages from Reuters sent over several days. Reuters could not immediately determine how to reach the purported partner hacker group or to access the cybercrime forum where the post was made, although it was able to view screenshots taken independently by two researchers, including Recorded Future's Dmitry Smilyanets.

© Reuters. FILE PHOTO: The corporate logo of the UnitedHealth Group appears on the side of one of their office buildings in Santa Ana, California, U.S., April 13, 2020.  REUTERS/Mike Blake/File Photo

The break-in at UnitedHealth's Change Healthcare (NASDAQ:CHNG) unit, which has sparked disruption across the United States, has been the object of online intrigue. Blackcat claimed last week that it had stolen millions of sensitive records in the hack, only to quickly delete its post without explanation.

Meanwhile, the pain has continued to spread across the U.S. medical system as Change Healthcare's billing services remain paralyzed. The American Medical Association on Monday asked the Biden administration to make emergency funds available to physicians hurt by the outage.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.