State Department offers $10M reward for info on BlackCat

The Rewards for Justice program seeks information leading to the identification or location of any ALPHV BlackCat-linked cyber actor. The group claimed credit for the destabilizing Feb. 21 Change Healthcare ransomware attack.
By Andrea Fox
11:58 AM

Photo: krisanapong detraphiphat/Getty Images

The U.S. Department of State’s Rewards for Justice program, administered by the Diplomatic Security Service, announced a $10 million bounty Wednesday seeking more information against the BlackCat ransomware group.

The State Department said it set up a dark web tip line to protect the safety and security of potential sources.

WHY IT MATTERS

The State Department seeks to prosecute cyber actors "under the control of a foreign government that engages in certain malicious cyber activities against U.S. critical infrastructure" under the Computer Fraud and Abuse Act, according to the announcement.

ALPHV BlackCat operates as a ransomware-as-a-service business model in which the group’s members develop and maintain the ransomware variant and then recruit affiliates to deploy the ransomware, the RJF said.

Along with the Tor-based tip-reporting line, the RFJ also noted that "relocation and rewards payments by cryptocurrency may be available to eligible sources."

THE LARGER TREND

When Change Healthcare experienced a cyberattack, ransomware ultimately set off a chain reaction that reverberated across the healthcare ecosystem – from patients and providers to pharmacies and payers – that continues

Federal agencies confirmed that healthcare organizations have been targeted since the U.S. Department of Justice announced the seizure of the ALPHV gang's infrastructure in December.

But the Blackcat assault on Change's network, which is owned by UnitedHealth Group and processes 15 billion healthcare transactions annually, underscores the need for transparency in reporting cyber incidents and highlights the urgency of contingency planning for healthcare organizations, according to Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. 

He told Healthcare IT News earlier this month that fostering a culture of cybersecurity awareness and conducting regular security audits are vital to bolstering an enterprise's ability to execute transactions and protect patient care.

"This attack stands out due to its potential magnitude and the critical nature of the healthcare infrastructure it targets," Steinhauer said.

UHG reportedly paid the ransom – about $22 million in Bitcoin. As Change began to restore service, one BlackCat affiliate claimed that ALPHV leaders shut down, posting a fake takedown notice, and kept the entire ransom. 

ON THE RECORD

"The ALPHV BlackCat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide, deploying ransomware on the targeted systems, disabling security features within the victim’s network, stealing sensitive confidential information, demanding payment to restore access and threatening to publicize the stolen data if victims do not pay a ransom," the State Department said in a statement.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.