The ALPHV/Blackcat ransomware gang has shut down its servers, according to reports from security researchers. Shortly afterwards, an affiliate partner came forward and accused the criminals of fraud within their own ranks. The gang is said to have defrauded the partner of $22 million.
Shut down
The money is said to come from the extortion of Optum, the operator of the US health platform Change Healthcare. As security researchers from Bleepingcomputer.com, among others, report, ALPHV/Blackcat shut down its servers last Friday.
The platform for negotiations with victims was still active over the weekend. This infrastructure is now said to no longer be accessible. For a short time, a message on the criminals' Tox messenger stated that they had decided to shut everything down.
Affiliate program fraud
Shortly after the shutdown, a security researcher shared a message from an affiliate of the ransomware gang. ALPHV/Blackcat operates a ransomware-as-a-service program in which affiliates receive, among other things, the Trojan for attacks on companies. If an attack is successful and a victim pays a ransom, the money is divided.
In the case of the Optum attack, $22 million was said to have been paid so that the stolen patient data would not be leaked and the victim would receive the decryption key. Now the affiliate claims that, as a long-standing partner of ALPHV/Blackcat, they were cheated out of millions. To do this, the operators are said to have blocked the partner's account and emptied the wallet holding the ransom money.
The affiliate partner now states that they still have 4 terabytes of stolen data. This is said to contain sensitive information from companies in the healthcare sector. Optum has announced that it is investigating the current incident.
What's next?
It is currently unclear whether ALPHV/Blackcat will withdraw after the fraud or start anew under a new name. This wouldn't be the first time: the criminals were already operating under the name DarkSide in 2020.
The ransomware gang has recently come under increasing pressure. Criminal investigators already had access to their servers and the FBI has offered a reward of up to $15 million for information about the perpetrators.