The U.S. State Department’s Rewards for Justice program, administered by the Diplomatic Security Service, announced Wednesday a $10 million bounty for information on the BlackCat ransomware group.
The State Department said it has set up a tip line on the dark web to protect the safety and security of potential sources.
WHY IT MATTERS
The State Department is seeking to prosecute cyber actors “under the control of a foreign government that engages in certain malicious cyber activities against U.S. critical infrastructure” under the Computer Fraud and Abuse Act, the U.S. Department of State said in the announcement.
ALPHV BlackCat operates under a ransomware-as-a-service business model in which the group’s members develop and maintain the ransomware variant and then recruit affiliates to deploy the ransomware, the RFJ said.
In addition to the Tor-based tips reporting line, the RFJ also noted that “cryptocurrency relocation and reward payments may be available to eligible sources.”
THE BIG TREND
When Change Healthcare suffered a cyberattack, ransomware ultimately set off a chain reaction that resonated throughout the healthcare ecosystem – from patients and providers to pharmacies and payers – and continues today.
Federal agencies have confirmed that healthcare organizations have been targeted since the U.S. Department of Justice announced the seizure of the ALPHV gang’s infrastructure in December.
But the BlackCat attack on Change’s network, which is owned by UnitedHealth Group and processes 15 billion healthcare transactions annually, underscores the need for transparency in reporting cyber incidents and highlights the urgency of contingency planning for healthcare organizations, said Cliff Steinhauer, director of information security and involvement in the National Cybersecurity Alliance.
He told Healthcare IT News earlier this month that fostering a culture of cybersecurity awareness and conducting regular security audits are essential to strengthening a company’s ability to conduct transactions and protect patient care.
“This attack is notable for its potential scale and the critical nature of the healthcare infrastructure it targets,” Steinhauer said.
UHG reportedly paid the ransom – about $22 million worth of Bitcoin. When Change began restoring service, a BlackCat affiliate claimed that ALPHV leaders quit, posted a fake takedown notice, and kept the entire ransom.
ON THE RECORD
“The ALPHV BlackCat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide, deployed ransomware on targeted systems, disabled security features within the victim’s network, stole sensitive confidential information, and demanded payment to restore access and threatened to make the stolen data public if victims do not pay a ransom,” the State Department said in a statement.
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.