Ransomware attacks are no longer uncommon as hacker groups are now capable of exploiting even the slightest vulnerabilities in the largest companies and organizations. Although rare, there's a chance that paying ransom does not solve the issue, and it is what Change Healthcare is facing now.
(Photo : Getty Images)
Another Ransomware Threat
Change Healthcare has already been through the entire headache of dealing with the first ransomware group that claimed to be responsible for the cyberattack. Although it was never officially stated, it appears that the company has already paid the ransom.
The first attack occurred back in March with the hacker group AlphV, which threatened to release healthcare data if they did not receive the demanded $22 million payment. It was then seen on bitcoin's blockchain that a payment has gone through.
Now another group, RansomHub, is claiming that they also have the data and will sell it to the highest bidder if Change Healthcare does not pay the ransom, which right now is still of an unknown amount, according to Ars Technica.
RansomHub already provided screenshots of patient records and a data-sharing contract for United Healthcare, which owns Change Healthcare. This could serve as proof that the second ransomware group might not be bluffing.
Threat intelligence firm Analyst1's Chief Security Strategist, Jon DiMaggio believes that RansomHub is telling the truth after reviewing the information that the ransomware gang released. He added that they are "gaining momentum."
It appears that AlphV and RansomHub had some kind of affiliation. In a Russian cybercriminal forum, it was mentioned by a user named "notchy" that AlphV pocketed the ransom without sharing the commission with its affiliate hackers.
RansomHub says that Notchy was associated with the group. With the hacker gang stiffed by AlphV, they turned back to the cyberattack victim for more money. They even claimed that AlphV didn't even have the data they threatened to release originally.
"For everyone speculating and theorizing on the situation, AlphV stole our share of the payment and performed an exit scam," RansomHub claims. Unfortunately for Change Healthcare, AlphV left before RansomHub deleted the stolen data, so they still had leverage.
Read Also: What to Know About Ransomware Threats in 2024
Ransomware Groups Becoming Unpredictable
You can never really trust cybercriminals who are part of a ransomware group even if they claim to fulfill their end of the bargain. After all, they are the ones who steal or encrypt data in the first place. However, this sets a bad precedent for illegal activity.
Even after a ransom has been paid, the attackers can gain twice as much if they keep the data since they can still sell it to other fraudulent groups. While this might discourage victims from paying the ransom since it's a bad outcome either way, hackers might be willing to risk it for a big sum.
Di Maggio said "Victims need to understand that paying a criminal who promises to delete their data permanently is a myth," which is true since there is no way to create a system that automatically deletes stolen data once the ransom comes through.
Related: Ransomware Attacks Stole Over $1.1 Billion from Companies in 2023
