Security News > 2024 > March > BlackCat ransomware turns off servers amid claim they stole $22 million ransom

BlackCat ransomware turns off servers amid claim they stole $22 million ransom
2024-03-04 17:44

The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.

Today, BleepingComputer confirmed the ransomware operations negotiation sites are now shut down as well, indicating a further deliberate take down of the ransomware gang's infrastructure.

This decision may be related to claims from someone describing themselves as a longtime ALPHV/BlackCat affiliate responsible for the attack on Optum, who said that ALPHV banned them from the operation and stole a $22 million ransom allegedly paid by Optum for the Change Healthcare attack.

Dmitry Smilyanets of threat intelligence company Recorded Future shared the message from the alleged ransomware affiliate, which claimed that Optum paid ALPHV/BlackCat a ransom on March 1st to delete the data stolen from the Change Healthcare platform and to receive a decryptor.

BlackCat is a rebrand of the DarkSide ransomware operation, who also shut down after claiming law enforcement transferred cryptocurrency from their wallets.

Ransomware gang claims they stole 6TB of Change Healthcare data.


News URL

https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/