Change Healthcare reportedly is going through one other assault, this time by ransomware gang RansomHub, simply weeks after it grew to become a sufferer in an ALPHV/BlackCat cyberattack.
RansomHub is demanding an extortion cost for an alleged 4TB of information it stole from the corporate; in any other case, it is threatening to promote the info to the very best bidder in 12 days.
The stolen info accommodates the delicate knowledge of US navy personnel and sufferers, in addition to medical information and monetary info, amongst different issues.
“Change Healthcare and United Well being, you have got one probability in defending your shoppers knowledge,” RansomHub reportedly mentioned. “The information has not been leaked wherever and any respectable menace intelligence would affirm that the info has not been shared nor posted.”
This places Change Healthcare, a subsidiary of United Healthcare, in what possible is a tough place in having to resolve whether or not or not paying the ransom is its best choice when it has solely simply gotten again on its toes from the final assault.
Based on Malachi Walker, safety adviser at DomainTools, whose workforce has been following ALPHV/BlackCat’s exercise, “this new info helps a number of theories that our workforce has urged; however irrespective of the case, it is unlucky that Change Healthcare is caught in the course of this battle between two rival gangs,” he mentioned in an emailed assertion.
“Even when not linked to BlackCat, RansomHub might be claiming ties to their victims to scare them into making a cost,” he added. “There’s a huge underground economic system booming across the ransomware scene immediately the place affiliate applications recruit on hacker boards, preliminary entry brokers promote footholds into organizational networks, and ransomware teams collaborate to share info.”
Although there may be vital hypothesis concerning whether or not ALPHV rebranded to RansomHub, or if there may be any connection in any respect, Walker mentioned there is no such thing as a affirmation, because it’s too early to inform.
