The US government has said it is extending its reward for information on the key leadership of the ALPHV/BlackCat cybercrime gang to cover the gang's affiliates, one of which last month claimed credit for a massive ransomware attack on a US health tech giant.
In a statement on Wednesday, the US State Department said it is offering a reward of up to $10 million for information that identifies or locates any person associated with ALPHV/BlackCat, including their “affiliates, activities or links with a foreign government.”
Russia-based ALPHV/BlackCat is a ransomware-as-a-service operation that recruits affiliates — essentially contractors who earn a commission for launching ransomware attacks — and limits any ransom the victim pays. Although security researchers have yet to link ALPHV/BlackCat to a foreign government, the State Department hinted in its statement that the gang may be “acting under the direction or control of a foreign government,” such as Russia.
The State Department accused the prolific ransomware group of targeting critical US infrastructure, including healthcare services.
Last month, a group of associates of the ALPHV/BlackCat gang claimed credit for a cyberattack and week-long outage at US health tech giant Change Healthcare, which processes about one in three US patient medical records. The cyberattack shut down much of the US health care system’s access to patient records and billing information, causing massive disruptions and delays in filling prescriptions and in surgical authorizations for weeks.
The affiliate group went public after accusing the main ALPHV/BlackCat gang of defrauding the hackers out of a $22 million ransom allegedly paid by Change Healthcare to prevent a massive leak of patient records.
The group said ALPHV/BlackCat ran an “exit scam,” in which the hackers run off with the money to avoid paying their affiliates and keep the stolen funds for themselves.
Despite missing out on its share of the ransom, the affiliate claimed it still had access to a massive amount of stolen sensitive patient data.
Change Healthcare has since said it has kicked the hackers out of its network and restored many of its systems. US health insurance giant UnitedHealth Group, Change Healthcare’s parent company, has yet to confirm whether patient data has been stolen.