The Blackcat ransomware gang, also known as “ALPHV,” is behind the outage at UnitedHealth’s technology unit, two people aware of the situation said on Monday. The hackers gained access to Change Healthcare’s information technology systems last week, leading to prescription disruptions at pharmacies nationwide.
Mandiant, Alphabet’s cybersecurity unit, is investigating the breach. It confirmed its involvement in a statement that said it “has been engaged in support of the incident response.”
Blackcat is one of the most infamous ransomware gangs active on the internet today. It has previously attacked corporations such as MGM Resorts International and Caesars Entertainment. The U.S. led an international law enforcement effort in December to seize several of the websites used by Blackcat, along with hundreds of digital keys that are used to decrypt a person’s data.
However, these types of efforts probably won’t end a ransomware gang for good, said Emsisoft Threat Analyst Brett Callow. “It’s inevitable that if you have a group that’s making millions of bucks, they are going to attempt to make a comeback.”