Priya PatelTLDR:
- Change Healthcare is facing a second cyber extortion attack by RansomHub after allegedly paying a $22 million ransom to BlackCat/ALPHV.
- RansomHub claims to have stolen 4 TB of sensitive data, including financial information and medical records of US military personnel.
The article discusses the recent cyber extortion attack on Change Healthcare by RansomHub, following a rumored $22 million payment to BlackCat/ALPHV. The new attack, orchestrated by RansomHub, has raised concerns about former BlackCat members potentially being involved. The group has threatened to auction off the stolen 4 TB of data, which includes personal information of US military personnel.
Yossi Rachman, Director of Security Research at Semperis, has highlighted that RansomHub is relatively new, operating under a Ransomware-as-a-service model. The attack on Change Healthcare is considered one of the most sophisticated against a healthcare organization, disrupting millions of prescription drug orders for patients nationwide. Rachman emphasizes the importance of cybersecurity measures to mitigate operational risks in data-driven organizations.
Victor Acin, Head of Threat Intel at Outpost24, points out the credibility issue with ransomware groups, noting that ransomware groups rely on the trust of victims to successfully ransom data. Malachi Walker, Security Advisor at DomainTools, suggests that changes in the criminal underground are already being observed, with ransomware groups collaborating and sharing information.
The article underscores the challenges faced by Change Healthcare following the cyber extortion attacks, including private lawsuits and federal regulatory scrutiny. The debate on ransomware payments resurfaces, with the incident prompting questions about the efficacy of paying ransoms and the risk of repeat attacks on vulnerable victims.
