The ransomware attack targeting medical firm Change Healthcare has been one of the most disruptive in years, crippling pharmacies across the US—including those in hospitals—and leading to serious snags in the delivery of prescription drugs nationwide for 10 days and counting. Now, a dispute within the criminal underground has revealed a new development in that unfolding debacle: One of the partners of the hackers behind the attack points out that those hackers, a group known as AlphV, received a $22 million transaction that looks very much like a large ransom payment.

On March 1, a Bitcoin address connected to AlphV received 350 bitcoins in a single transaction, or close to $22 million based on exchange rates at the time. Then, two days later, someone describing themselves as an affiliate of AlphV—one of the hackers who work with the group to penetrate victim networks—posted to the cybercriminal underground forum RAMP that AlphV had cheated them out of their share of the Change Healthcare ransom, pointing to the publicly visible $22 million transaction on Bitcoin’s blockchain as proof.

That suggests, according to Dmitry Smilyanets, the researcher for security firm Recorded Future who first spotted the post, that Change Healthcare has likely paid AlphV’s ransom. “You can see the number of coins that landed there. You don’t see that kind of transaction so often,” Smilyanets says. “There’s proof of a large amount landing in the AlphV-controlled Bitcoin wallet. And this affiliate connects this address to the attack on Change Healthcare. So it’s likely that the victim paid the ransom.”

When WIRED reached out to United Healthcare, which owns Change Healthcare, a spokesperson declined to answer whether it had paid a ransom to AlphV, responding only that “we are focused on the investigation right now.”

Both Recorded Future and TRM Labs, a blockchain analysis firm, connect the Bitcoin address that received the $22 million payment to the AlphV hackers. TRM Labs says it can link the address to payments from two other AlphV victims in January.

This is a developing story. Check back for updates.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Britain’s secret biosecurity blunders revealed – including LOSING a genetically-modified mouse and an experiment gone wrong involving a smallpox-like virus

British researchers lost a genetically modified mouse and accidentally released a smallpox-like…

Instagram posts by loved ones are ‘more dangerous than those by celebrities’

Instagram is often slammed for creating unrealistic body ideals, but a new…

‘The Mandalorian’ Is Getting a Movie—Which It Should Have Been All Along

Today in news we weren’t expecting in the second week of 2024:…

How The Tumult of 2020 Will Shape the Future of Ride Sharing

Uber and Lyft had it pretty good in the beginning. The companies…