Change Healthcare, a subsidiary of UnitedHealth Group, has been facing renewed extortion from cybercriminals just a month after paying a ransom to prevent the release of data stolen in a February 2024 ransomware attack.
BlackCat group disrupted healthcare operations across the US, compromising over 4TB of sensitive data, including personal and financial records, and later announced their closure after being raided by the FBI.
However, suspicions arose when they failed to share a $22 million ransom payment reportedly made by UnitedHealth Group. Now, a new ransomware group RansomHub has surfaced, threatening to expose the stolen data unless another ransom is paid.
RansomHub, latestly emerged group, boasts former BlackCat affiliates among its ranks, potentially explaining how they acquired Change Healthcare’s data.
According to the analyst Dominic Alvieri, RansomHub operates on a ransomware-as-a-service model. The group also allows affiliates to retain 90% of ransom proceeds, addressing concerns raised by BlackCat’s exit scam.
While speculation surrounds RansomHub’s connection to BlackCat, regardless of the resurgence of extortion highlights the risks faced by ransomware victims are affected.
It’s important to note that the payment of a ransom doesn’t guarantee the cybercriminal will decrypt a victim’s files or reinstate access to their systems. They are criminals, and as such, they can not be trusted.
