State Department offers $10M reward for ID of Change Healthcare hackers

Highlighting the impact of the cyberattack on Change Healthcare, the feds are offering a bounty on information leading to the identification of anyone who holds a key leadership position in the "Blackcat" ransomware group.

Last month’s cyberattack on Change Healthcare has had a multimillion-dollar impact on providers and other industry members. The U.S. State Department has announced a reward of up to $10 million for information leading to the identification or location of anyone who holds a key leadership position in Blackcat, the ransomware group believed to be behind the hack. The department is also offering up to $5 million for information leading to the arrest or conviction of anyone participating in or conspiring or attempting to participate in a ransomware attack using the ALPHV/Blackcat variant.

Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to the U.S. Department of Justice. Blackcat has compromised computer networks worldwide and caused hundreds of millions of dollars in losses, it said. In a since-deleted post on the dark web, Blackcat claimed it was behind the attack on Change Healthcare’s systems. The group said it managed to extract six terabytes of data, including medical records, insurance records and payment information.

Brett Callow, a threat analyst at the cybersecurity company Emsisoft, said ransomware groups often make posts such as these in an effort to bring victims to the negotiating table. He said ransomware groups often exaggerate the amount of data they’ve stolen, so Blackcat’s claims should be treated with skepticism. It can take weeks for an organization to determine exactly what information was stolen, and ransomware groups often use the period of uncertainty to their advantage. “Cybercriminals, they’re not going to tell the truth,” Callow told CNBC.

The reward offer complements the Justice Department’s and FBI’s recent announcement of cooperation with law enforcement agency groups from the United Kingdom, Australia, Germany, Spain and Denmark to launch a disruption campaign against ALPHV/Blackcat. More than 1,000 victim entities globally have been compromised by ALPHV/Blackcat actors, according to the State Department. In December 2023, the FBI disrupted ALPHV/Blackcat’s operations by distributing a decryption tool developed by the agency that assisted dozens of victims with restoring affected computer systems and saving victims from ransom demands totaling approximately $99 million.

The FBI, HHS and the Cybersecurity and Infrastructure Security Agency recently issued an updated joint advisory to the health-care industry highlighting warning signs that an organization may have been compromised by a Blackcat ransomware actor, along with actions to take to mitigate ransomware attacks. The advisory said health-care is one of the most commonly targeted business sectors.