Over the course of several months, Change Healthcare has confronted an especially messy ransomware fiasco that has left many pharmacies and medical facilities across the USA unable to process claims. Now, because of an apparent dispute within the criminal ransomware ecosystem, the situation may have become even more complicated.
In March, the AlphV ransomware group, which claimed responsibility for encrypting Change Healthcare’s network and threatened to leak large quantities of the company’s sensitive medical data, received a payout of $22 million, evidence publicly recorded on the Bitcoin blockchain that Change Healthcare probably gave in to its tormentors’ ransom demands, though the company has not yet confirmed that it paid. But in a new definition of a worst-case ransomware scenario, another ransomware group claims to be holding stolen Change Healthcare data and is demanding a payment of its own.
Since Monday, RansomHub, a relatively new ransomware group, has posted on its dark web site that it has 4 terabytes of stolen Change Healthcare data, which it has threatened to sell to the highest bidder if Change Healthcare doesn’t pay an unspecified ransom. RansomHub told WIRED it isn’t affiliated with AlphV and “cannot say” how much it’s asking for as ransom.
Initially, RansomHub refused to publish or provide WIRED with any sample data from the stolen trove to back up its claims. But on Friday, a representative for the group sent WIRED several screenshots of what appeared to be patient records and a data-sharing contract for United Healthcare, which owns Change Healthcare, and Emdeon, which acquired Change Healthcare in 2014 and later took its name.
While WIRED was unable to fully confirm RansomHub’s claims, the samples indicate that the second extortion attempt against Change Healthcare may be more than an empty threat. “For anyone who doubts our information, and for those questioning the criticality and sensitivity of the data, the pictures should be sufficient to show the size and significance of the situation and clear up unrealistic and childish theories,” the RansomHub spokesperson says in an email.
“We’re working with law enforcement and outside consultants to analyze the claims posted online to grasp the scope of the data potentially affected,” Change Healthcare said in an email to WIRED. “Our investigation remains active and ongoing. There is no proof of any new cyber incidents at Change Healthcare.”
Brett Callow, a ransomware analyst at security firm Emsisoft, says he believes AlphV did not initially release any data from the incident, and the origin of the RansomHub data is unclear. “I clearly don’t know if the data is real—it may have come from elsewhere—but I don’t see anything that would indicate it’s not real,” he says of the data shared by RansomHub.
John DiMaggio, chief security strategist at threat intelligence firm Analyst1, says he believes RansomHub is “telling the truth and does have Change HealthCare information” after reviewing the data sent to WIRED. While RansomHub is a new source of ransomware threats, it is quickly “gaining traction,” DiMaggio said.
If RansomHub’s claims are real, it would mean that Change Healthcare’s already disastrous ransomware ordeal has become something of a cautionary tale about the dangers of trusting ransomware groups to keep their promises even after a ransom is paid. In March, someone going by the username “notchy” posted on a Russian cybercrime forum that AlphV pocketed a $22 million payment and disappeared without sharing the payment with the “affiliate” hackers who typically work with ransomware groups and often infiltrate victims’ networks on their behalf.