Change Healthcare is reportedly facing another attack, this time from ransomware group RansomHub, just weeks after becoming the victim of an ALPHV/BlackCat cyber attack.
RansomHub is seeking an extortion payment for an alleged 4TB of data stolen from the company; otherwise, it threatens to sell the data to the highest bidder within 12 days.
The stolen information contains, among other things, sensitive data of US military personnel and patients, as well as medical records and financial information.
“Change Healthcare and United Health, you have a chance at protecting your customers’ data,” RansomHub reportedly said. “The data was not leaked anywhere and any decent threat intelligence would confirm that the data was not shared or published.”
This puts Change Healthcare, a subsidiary of United Healthcare, in what is likely a difficult position: deciding whether paying the ransom is its best option just as it is getting back on its feet from the latest attack.
“This new information supports some theories suggested by our team; but in any case, it is unfortunate that Change Healthcare finds itself in the middle of this conflict between two rival gangs,” Malachi Walker, security consultant at DomainTools, whose team followed the ALPHV/BlackCat activity, said in an emailed statement.
“Although not linked to BlackCat, RansomHub may claim ties to its victims to scare them into making a payment,” he added. “There is a vast, booming underground economy on the ransomware scene today, where affiliate programs recruit on hacker forums, initial access brokers sell footholds in organizational networks, and ransomware groups collaborate to share intelligence.”
While there is significant speculation about whether ALPHV has been rebranded as RansomHub, or whether there is some connection, Walker said there is no confirmation, as it is too early to tell.