Change Healthcare Receives Threat from Second Ransomware Group After Paying the First

Ransomware attacks are no longer uncommon as hacker groups are now capable of exploiting even the slightest vulnerabilities in the largest companies and organizations. Although rare, there is a chance that paying a ransom does not solve the issue, which is what Change Healthcare is facing now.


Another Ransomware Threat

Change Healthcare has already been through the entire headache of dealing with the first ransomware group that claimed to be responsible for the cyberattack. Although it was never officially stated, it appears that the company has already paid the ransom.

The first attack occurred back in March with the hacker group AlphV, which threatened to release healthcare data if it did not receive the demanded $22 million payment. It was then seen on Bitcoin's blockchain that a payment had gone through.

Now another group, RansomHub, is claiming that it also has the data and will sell it to the highest bidder if Change Healthcare does not pay the ransom, the amount of which is still unknown, according to Ars Technica.

RansomHub already provided screenshots of patient records and a data-sharing contract for United Healthcare, which owns Change Healthcare. This could serve as proof that the second ransomware group might not be bluffing.

Jon DiMaggio, Chief Security Strategist at threat intelligence firm Analyst1, believes that RansomHub is telling the truth after reviewing the information that the ransomware gang released. He added that they are "gaining momentum."

It appears that AlphV and RansomHub had some kind of affiliation. On a Russian cybercriminal forum, a user named "notchy" said that AlphV pocketed the ransom without sharing the commission with its affiliate hackers.

RansomHub says that notchy was associated with the group. Having been stiffed by AlphV, the hacker gang turned back to the cyberattack victim for more money. They even claimed that AlphV did not have the data it originally threatened to release.

"For everyone speculating and theorizing on the situation, AlphV stole our share of the payment and performed an exit scam," RansomHub claims. Unfortunately for Change Healthcare, AlphV left before RansomHub deleted the stolen data, so RansomHub still had leverage.

Ransomware Groups Becoming Unpredictable

You can never really trust cybercriminals who are part of a ransomware group even if they claim to fulfill their end of the bargain. After all, they are the ones who steal or encrypt data in the first place. However, this sets a bad precedent for illegal activity.

Even after a ransom has been paid, the attackers can gain twice as much if they keep the data since they can still sell it to other fraudulent groups. While this might discourage victims from paying the ransom since it's a bad outcome either way, hackers might be willing to risk it for a big sum.

DiMaggio said, "Victims need to understand that paying a criminal who promises to delete their data permanently is a myth," which is true since there is no way to create a system that automatically deletes stolen data once the ransom comes through.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
