News: 0173620916


Change Healthcare Finally Admits It Paid Ransomware Hackers (wired.com)

(Tuesday April 23, 2024 @11:30PM (BeauHD) from the what-not-to-do dept.)


Andy Greenberg reports via Wired:

> More than two months after the start of a [1]ransomware debacle whose impact ranks among the worst in the history of cybersecurity, the medical firm Change Healthcare finally confirmed what cybercriminals, security researchers, and Bitcoin's blockchain had already made all too clear: [2]that it did indeed pay a ransom to the hackers who targeted the company in February. And yet, it still faces the risk of losing vast amounts of customers' sensitive medical data. In a statement sent to WIRED and other news outlets on Monday evening, Change Healthcare wrote that it paid a ransom to a cybercriminal group extorting the company, a hacker gang known as AlphV or BlackCat. "A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure," the statement reads. The company's belated admission of that payment accompanied a [3]new post on its website where it warns that the hackers may have stolen health-related data that would "cover a substantial proportion of people in America."

>

> Cybersecurity and cryptocurrency researchers told WIRED last month that Change Healthcare appeared to have paid that ransom on March 1, pointing to a transaction of 350 bitcoins or roughly $22 million sent into a crypto wallet associated with the AlphV hackers. That transaction was first highlighted in a message on a Russian cybercriminal forum known as RAMP, where one of AlphV's allegedly jilted partners complained that they hadn't received their cut of Change Healthcare's payment. However, for weeks following that transaction, which was publicly visible on Bitcoin's blockchain and which both security firm Recorded Future and blockchain analysis firm TRM Labs told WIRED had been received by AlphV, Change Healthcare repeatedly declined to confirm that it had paid the ransom.

>

> Change Healthcare's confirmation of that extortion payment puts new weight behind the cybersecurity industry's fears that the attack -- and the profit AlphV extracted from it -- will lead ransomware gangs to further target health care companies. "It 100 percent encourages other actors to target health care organizations," Jon DiMaggio, a researcher with cybersecurity firm Analyst1 who focuses on ransomware, told WIRED at the time the transaction was first spotted in March. "And it's one of the industries we don't want ransomware actors to target -- especially when it affects hospitals." Compounding the situation, a conflict between hackers in the ransomware ecosystem has led to a second ransomware group claiming to possess Change Healthcare's stolen data and threatening to sell it to the highest bidder on the dark web. Earlier this month that second group, known as RansomHub, sent WIRED alleged samples of the stolen data that appeared to come from Change Healthcare's network, including patient records and a contract with another health care company.



[1] https://tech.slashdot.org/story/24/02/22/144230/us-health-tech-giant-change-healthcare-hit-by-cyberattack

[2] https://www.wired.com/story/change-healthcare-admits-it-paid-ransomware-hackers/

[3] https://www.unitedhealthgroup.com/newsroom/2024/2024-04-22-uhg-updates-on-change-healthcare-cyberattack.html



Wow, so you can't trust blackmailers? (Score:2)

by 93 Escort Wagon ( 326346 )

I am shocked. SHOCKED!

Good thing I was sitting down...

They don't get it (Score:2)

by hdyoung ( 5182939 )

The data got sold anyways. Not just to the highest bidder. To literally anyone willing to pay for it. Once the data is in the wild, you can forget about “getting it back”. FFS it’s not like a diamond necklace that can be “returned”. What century do these people live in?

By paying the ransom, all they did was paint a big sign on their back saying “I’m vulnerable, I’m naive, I don’t understand how basic computers work let alone the internet, and I

Re: (Score:1)

by zippthorne ( 748122 )

I'm a bit concerned that we are now using the term "ransomware" to include situations where data have been exfiltrated. It used to only mean that the data were encrypted in place, and the ransom was for the decryption key (which you still can't trust, btw. How do you know that the data weren't altered during the encryption or decryption process?).

A case where data are exfiltrated is more properly referred to as a breach.

Are we just being sloppy with language, or does calling it ransomware give companies cov

$22M for the Special Military Operation (Score:2)

by KiloByte ( 825081 )

Even after giving a cut to affiliate groups that helped, $22M can be used to murder quite a few Ukrainians. Because, while in the past their criminals used to be somewhat independent, after the full-scale war erupted, most of these bastards went under semi-official employ of the government.

Paying the ransom should be illegal (Score:3)

by battingly ( 5065477 )

There needs to be a law against paying the ransom like this. This payday will attract ever more attacks. The only defense is to take away the profit motive. That will incentivize institutions to improve their security.

Illegal, has a steep price. (Score:2)

by geekmux ( 1040042 )

We would end up with more cyber fuck-ups being deemed Too Big To Fail at taxpayer expense, along with Government-mandated corporate cyber-insurance, taken right out of your paycheck in taxes if we follow your illegal lead.

Be careful what you ask for. Not like we’re suddenly going to start punishing Greed N. Corruption, CEO.

Re: (Score:2)

by Fly Swatter ( 30498 )

So you are promoting a plan of more of the same. No. Paying any extortion or blackmail should be the end of the Corporation as a legal entity.

Sure it would be tough even after such a law could ever be passed, until the first corporation is no more, then it will simply be the law not to negotiate.

Today's teachings are all about tolerance, but when it comes to burdens to society there should be NO tolerance. That is why we are currently where we are when it comes to crime.

Re: (Score:2)

by geekmux ( 1040042 )

> So you are promoting a plan of more of the same. No. Paying any extortion or blackmail should be the end of the Corporation as a legal entity.

Oh no. I was more promoting a more likely reality that could be far fucking worse. Government mandated cyber insurance taken from your paycheck at the Federal level, while they manufacture a CyberThreatCon annual loss cost to be adjusted quarterly and taxed for next year, pre-paid? Just imagine how many “foreign” APTs you would find working at three-letter agencies on behalf of the Donor Class funding them. Imagine how quickly cyber-taxes would rise. As I said, Federal law mandating illegal

Re: (Score:2)

by markdavis ( 642305 )

It doesn't matter how painful, no ransom should be paid. That is the ONLY way to take away the main motive to attack.

That said, it doesn't mean security isn't just as important, because attacks can also be motivated by politics or just mischief as well.

I would be one who supports laws preventing such payments. And no bailouts either- the corporation should be allowed to fail and all the stockholders will get shafted. And that is the other deterrence- pay now for security and make it count, lest you run t

Re: (Score:1)

by Narcocide ( 102829 )

Uh, paying the ransom is illegal, but much like antitrust law, our government seems to be completely incompetent at actual enforcement.

Re: (Score:2)

by battingly ( 5065477 )

> Uh, paying the ransom is illegal, but much like antitrust law, our government seems to be completely incompetent at actual enforcement.

No, paying ransom is not illegal. There are OFAC restrictions on who you can pay ransom to, but that almost never applies to ransomware attacks.

The rest of the world thanks you (Score:3)

by ukoda ( 537183 )

Here, not in the USA, one of our government run hospitals was victim of a ransomware attack a couple years ago. It was a major pain recovering the data and bringing it back online. No ransom was paid. It goes against our principles and also have you ever tried to get the government to pay you for anything? I'm pretty sure the ransomware gang were not approved health care service provider so there would have been no procedural option to pay them, and governments do like procedures and paperwork.

I'm not aware of any further attacks, why bother when you know you are not going to get paid?

And we now have news that USA healthcare providers will pay up, so guess which country ransomware operators are now going to focus on?

Why is sensitive stuff connected to the interwebs? (Score:1)

by deepthought90 ( 937992 )

Disconnect sensitive stuff from the interwebs. On classified networks, we run on the same physical Internet backbone. But it's highly encrypted and not logically addressable from the interwebs. Healthcare, industrial systems, utilities should all be disconnected.

No truth in naming there... (Score:2)

by damn_registrars ( 1103043 )

Change Healthcare is part of United HealthGroup. They are changing absolutely nothing, aside from of course increasing revenue for health care executives. The entire industry is morally bankrupt and deserves this and much worse. Unfortunately we the consumers are the ones who will ultimately pay the cost of this.

Never pay the Dane-geld (Score:1)

by davidwr ( 791652 )

Dane-geld

A.D. 980-1016

IT IS always a temptation to an armed and agile nation

To call upon a neighbour and to say: --

"We invaded you last night -- we are quite prepared to fight,

Unless you pay us cash to go away."

And that is called asking for Dane-geld,

And the people who ask it explain

That you've only to pay 'em the Dane-geld

And then you'll get rid of the Dane!

It is always a temptation for a rich and lazy nation

Obviously a number have (Score:2)

by WindBourne ( 631190 )

If idiots like this actually locked down systems ( offshoring makes it easy to crack these ), OR refused to pay, then these nations/groups would stop. But….

Just like nations that trade prisoners or pay for others, makes their citizens easy targets.
