A BlackCat ransomware gang website shows a takedown notice; the UK NCA denies involvement and experts suggest an exit scam after an alleged UnitedHealth payment
but is this really the end? Wall Street Journal : After the Change Healthcare attack, the US will relax some Medicare prescription rules and consider advance payments; some providers begin furloughing staff Mastodon: BrianKrebs / @briankrebs@infosec.exchange : If Change Healthcare indeed did pay $22 million, wouldn't they have to disclose that as a material issue in an SEC filing pretty soon? BrianKrebs / @briankrebs@infosec.exchange : I think probably the main reason Optum/Change Healthcare/UnitedHealth hasn't yet said it didn't pay $22 million as the data suggests is that they just don't want to see a bunch more headlines that start with “UnitedHealth Denies Claims....” Kevin Beaumont / @GossiTheDog@cyberplace.social : Some good reporting here - the NCA, who are listed on the alphabet portal as being involved in a takedown - say they were not involved in a takedown. — We'll see what the FBI says, but it looks like AlphV may well have done rug pull aka exit scam — stole their operator and affiliate's money and left their victims without decryption. … X: Fabian Wosar / @fwosar : Since people continue to fall for the ALPHV/BlackCat cover up: ALPHV/BlackCat did not get seized. They are exit scamming their affiliates. It is blatantly obvious when you check the source code of the new takedown notice. You will see code like this. [image] Lawrence Abrams / @lawrenceabrams : As expected, the FBI has “declined to comment” on BlackCat's seizure notices. This comes after the NCA has already stated they were not involved in any recent ALPHV disruption, but are listed on the banner. https://www.bleepingcomputer.com/ ... Fabian Wosar / @fwosar : An image URL like this is what Firefox and the Tor Browser create when you use the “Save page as” function to save a copy of a website to disk. This is what the logo URL in the real takedown notice looks like. [image] LinkedIn: Yossi Akselrud : I'd say this is national security level event. — Extremely curious how they got in, what needs to be hardened, we need to address and other cyber security/ infosec on a national level. … Adam Sewall : Any executive, cyber professional or IT Security Manager in Healthcare needs to be doing a hard assessment and making the case towards management of how to budget and deploy to mitigate such threats. … Andy Greenberg : AlphV, the hackers behind the ransomware attack on Change Healthcare that's snarled medical prescriptions nationwide, received a $22 million payment on March 1, visible on Bitcoin's blockchain. … Pramod John : It's time to end the monopolies because not only do we pay more, we end up with massive single points of failure. … Forums: r/hacking : BlackCat ransomware shuts down in exit scam, blames the “feds” r/nashville : Change Healthcare Pays $22 Million to Ransomware Group r/technews : Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment