The U.S. government said it is extending its reward seeking information on key leadership of the ALPHV/BlackCat cybercrime gang to its affiliate members, one of which last month took credit for a massive ransomware attack on a U.S. health tech giant.
In a statement Wednesday, the U.S. State Department said it will offer a reward of up to $10 million for information that identifies or locates any person associated with ALPHV/BlackCat, including “their affiliates, activities, or links to a foreign government.”
The Russia-based ALPHV/BlackCat is a ransomware-as-a-service operation, which recruits affiliates — effectively contractors who earn a commission for launching ransomware attacks — and takes a cut of whatever ransom demand the victim pays. Although security researchers have not yet drawn a connection between ALPHV/BlackCat and a foreign government, the State Department implied in its statement that the gang may be “acting at the direction or under the control of a foreign government,” such as Russia.
The State Department blamed the prolific ransomware group for targeting U.S. critical infrastructure, including healthcare services.
Last month, an affiliate group of the ALPHV/BlackCat gang took credit for a cyberattack and weeks-long outage at U.S. health tech giant Change Healthcare, which processes around one-in-three U.S. patient medical records. The cyberattack knocked out much of the U.S. healthcare system’s access to patient records and billing information, causing massive outages and delays in fulfilling medications and prescriptions and surgical authorizations for weeks.
The affiliate group went public after accusing the main ALPHV/BlackCat gang of swindling the contract hackers out of $22 million in ransom that Change Healthcare allegedly paid to prevent the mass leak of patient records.
The group said ALPHV/BlackCat carried out an “exit scam,” where the hackers run off with their fortune to avoid paying their affiliates and keep the stolen funds for themselves.
Despite having lost their cut of the ransom demand, the affiliate group claimed to still have access to a huge amount of stolen sensitive patient data.
Change Healthcare has said since that it ejected the hackers from its network and restored much of its systems. U.S. health insurance giant UnitedHealth Group, the parent company of Change Healthcare, has not yet confirmed if any patient data was stolen.