At a glance.
- BlackCat/ALPHV ransomware gang receives $22 million payment.
- TA577 steals NTLM hashes.
- Exploits available for JetBrains TeamCity vulnerabilities.
- South Korean semiconductor industry targeted by DPRK.
BlackCat/ALPHV ransomware gang receives $22 million payment.
WIRED reports that BlackCat/ALPHV, the ransomware-as-a-service operation responsible for the attack against UnitedHealth Group's Change Healthcare platform, received a payment of 350 bitcoins (approximately $22 million) on March 1st. The Register says UnitedHealth Group declined to say whether it paid the ransom. ALPHV said on its leak site last week that it had stolen six terabytes of sensitive data from Change Healthcare and its partners, but it has since removed the post.
The Register also notes that ALPHV may be pulling an exit scam with the $22 million. Recorded Future researcher Dmitry Smilyanets says someone claiming to be the affiliate behind the Change Healthcare attack posted on an underground forum saying that ALPHV suspended their account and then "emptied the wallet and took all the money."
The Washington Post has published a summary of the impacts of the Change Healthcare attack. Molly Smith, group vice president for public policy at the American Hospital Association, stated, "Our assessment is that this is the most significant attack on the health-care system in U.S. history."