Hacker forum post claims UnitedHealth paid $22 million ransom in bid to recover data

FILE PHOTO: The corporate logo of the UnitedHealth Group appears on the side of one of their office buildings in Santa Ana, California, U.S., April 13, 2020. REUTERS/Mike Blake/File Photo

WASHINGTON (Reuters) - A post on a hacker forum popular with cybercriminals has claimed UnitedHealth Group paid $22 million in a bid to recover access to data and systems encrypted by the "Blackcat" ransomware gang, according to two researchers.

Neither UnitedHealth nor the hackers involved have commented on the alleged ransom payment, but a cryptocurrency tracing firm partially corroborated the claim on Monday.

It is not uncommon for large companies that have been victimized by ransomware gangs to decide to pay the hackers to regain control of their networks, especially in instances where a significant disruption to customers and partners occurred.

The forum post, dated Sunday, said a partner of Blackcat was responsible for the intrusion into UnitedHealth. The message, allegedly from the partner, included a link showing that someone had moved about 350 bitcoins, now worth about $23 million as the value of the cryptocurrency rises, from one digital currency wallet to another.

The owner or owners of the respective wallets is not publicly available, but blockchain analysis firm TRM Labs said the destination of the funds was "associated with AlphV," also known as Blackcat, noting it had seen that address used to collect ransom payments from other AlphV victims.

Asked whether it had paid the ransom, UnitedHealth said only that it was "focused on the investigation and the recovery."

Blackcat has not responded to repeated messages from Reuters sent over several days. Reuters could not immediately determine how to reach the purported partner hacker group or to access the cybercrime forum where the post was made, although it was able to view screenshots taken independently by two researchers, including Recorded Future's Dmitry Smilyanets.

The break-in at UnitedHealth's Change Healthcare unit, which has sparked disruption across the United States, has been the object of online intrigue. Blackcat claimed last week that it had stolen millions of sensitive records in the hack, only to quickly delete its post without explanation.

Meanwhile, the pain has continued to spread across the U.S. medical system as Change Healthcare's billing services remain paralyzed. The American Medical Association on Monday asked the Biden administration to make emergency funds available to physicians hurt by the outage.

(Reporting by Raphael Satter and Zeba Siddiqui; Editing by Jamie Freed)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!


Next In Tech News

Tesla cuts price of Full Self-Driving software by a third to $8,000
Apple now offers clearer voice calls with Voice Isolation for iPhones
Why teachers should stop calling AI’s mistakes ‘hallucinations’
Review: In ‘Princess Peach: Showtime!’ a Mario supporting character gets a starring role
Review: ‘Dragon’s Dogma 2’ and ‘Rise of the Ronin’ offer divergent takes on open-world games
DNB denies claims of impropriety over 5G rollout
Tesla cuts US prices of Models Y, X, S by $2,000
Why entrepreneurs need to consider increasing their digital security
Tesla's Elon Musk postpones India trip, aims to visit this year
Report: AI is smarter than a person, sometimes

Others Also Read