By Raphael Satter
WASHINGTON (Reuters) - A post on a hacker forum popular with cybercriminals has claimed UnitedHealth Group (NYSE:UNH) paid $22 million in a bid to recover access to data and systems encrypted by the "Blackcat" ransomware gang, according to two researchers.
Neither UnitedHealth nor the hackers involved have commented on the alleged ransom payment, but a cryptocurrency tracing firm partially corroborated the claim on Monday.
It is not uncommon for large companies that have been victimized by ransomware gangs to decide to pay the hackers to regain control of their networks, especially in instances where a significant disruption to customers and partners occurred.
The forum post, dated Sunday, said a partner of Blackcat was responsible for the intrusion into UnitedHealth. The message, allegedly from the partner, included a link showing that someone had moved about 350 bitcoins, now worth about $23 million as the value of the cryptocurrency rises, from one digital currency wallet to another.
The owner or owners of the respective wallets is not publicly available, but blockchain analysis firm TRM Labs said the destination of the funds was "associated with AlphV," also known as Blackcat, noting it had seen that address used to collect ransom payments from other AlphV victims.
Asked whether it had paid the ransom, UnitedHealth said only that it was "focused on the investigation and the recovery."
Blackcat has not responded to repeated messages from Reuters sent over several days. Reuters could not immediately determine how to reach the purported partner hacker group or to access the cybercrime forum where the post was made, although it was able to view screenshots taken independently by two researchers, including Recorded Future's Dmitry Smilyanets.
The break-in at UnitedHealth's Change Healthcare (NASDAQ:CHNG) unit, which has sparked disruption across the United States, has been the object of online intrigue. Blackcat claimed last week that it had stolen millions of sensitive records in the hack, only to quickly delete its post without explanation.
Meanwhile, the pain has continued to spread across the U.S. medical system as Change Healthcare's billing services remain paralyzed. The American Medical Association on Monday asked the Biden administration to make emergency funds available to physicians hurt by the outage.