Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Yet another hacker group demands ransom from Change Healthcare

Code Skull.

Change Healthcare’s ransomware fiasco is constantly going from bad to worse, as now a new threat actor has emerged with ransom demands in exchange for the stolen data.

Roughly a month and a half after initially detecting an attack, a different threat actor going by RansomHub is claiming to own the stolen data, and is asking Change Healthcare for more money. If the company doesn’t follow through, it will sell it to the highest bidder.

According to Wired, which saw screenshots of the database, confirming the authenticity of the database is difficult, but it all points to the data being authentic. The RansomHub threat actor is apparently associated with an individual going by “Notchy”, who was the one to originally get duped by ALPHV.

RansomHub emerges

In late February 2024, the firm, arguably one of the biggest health tech companies in the United States, suffered a ransomware attack that sent ripples throughout the industry, as pharmacies and medical practitioners across the country were left unable to process claims.

In the days and weeks to follow, an affiliate of the infamous BlackCat (ALPHV) ransomware-as-a-service operation claimed responsibility for the attack, and demanded $22 million in cryptocurrency, in exchange for the decryption key and for not publishing sensitive data on the dark web.

Change Healthcare seemingly succumbed to the demands, as blockchain analysts soon found a $22 million transaction.

Things quickly turned sour as reports came in that the hackers that broke into Change Healthcare never got the money.

Ransomware-as-a-service works like this: One hacking group develops and maintains an encryptor, and then shares it with other groups, known as affiliates. Those that successfully breach a company and extort money are required to split the funds with the developers. In the case of Change Healthcare, all of the money went to the developers, who took it - and ran. They left a message - “GG” - and shut down the servers. The affiliates were left holding their data - allegedly, 4TB of sensitive customer information - prompting the new change of direction.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.