Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

Trending 1 month ago

The ransomware onslaught targeting aesculapian patient Change Healthcare has been 1 of nan astir disruptive successful years, crippling pharmacies crossed nan US—including those successful hospitals—and starring to superior snags successful nan transportation of medicine narcotics nationwide for 10 days and counting. Now, a conflict wrong nan criminal underground has revealed a caller improvement successful that unfolding debacle: One of nan partners of nan hackers down nan onslaught points retired that those hackers, a group known arsenic AlphV, received a $22 cardinal transaction that looks very overmuch for illustration a ample ransom payment.

On March 1, a Bitcoin reside connected to AlphV received 350 bitcoins successful a azygous transaction, aliases adjacent to $22 cardinal based connected speech rates astatine nan time. Then, 2 days later, personification describing themselves arsenic an connection of AlphV—one of nan hackers who activity pinch nan group to penetrate unfortunate networks—posted to nan cybercriminal underground forum RAMP that AlphV had cheated them retired of their stock of nan Change Healthcare ransom, pointing to nan publicly visible $22 cardinal transaction connected Bitcoin's blockchain arsenic proof.

That suggests, according to Dmitry Smilyanets, nan interrogator for information patient Recorded Future who first spotted nan post, that Change Healthcare has apt paid AlphV's ransom. “You tin spot nan number of coins that landed there. You don’t spot that benignant of transaction truthful often,” Smilyanets says. “There’s impervious of a ample magnitude landing successful nan AlphV-controlled Bitcoin wallet. And this connection connects this reside to nan onslaught connected Change Healthcare. So it’s apt that nan unfortunate paid nan ransom.”

When WIRED reached retired to United Healthcare, which owns Change Healthcare, a spokesperson declined to reply whether it had paid a ransom to AlphV, responding only that "we are focused connected nan investigation correct now.”

Both Recorded Future and TRM Labs, a blockchain study firm, link nan Bitcoin reside that received nan $22 cardinal costs to nan AlphV hackers. TRM Labs says it tin nexus nan reside to payments from 2 different AlphV victims successful January.

This is simply a processing story. Check backmost for updates.