A Russian-speaking ransomware gang, ALPHV, also known as BlackCat, has reportedly disrupted a network directing insurance claims to pharmacies, amidst internal affiliate drama. The gang is alleged to have secured $22 million in Bitcoin following the attack on Change Healthcare. Concurrently, ALPHV has been advertising the sale of their ransomware source code for $5,000,000. Despite reports of the ALPHV BlackCat leak site being seized by law enforcement, further investigations suggest that the gang is executing an exit scam, misleading affiliates by faking a law enforcement takedown. This scenario is supported by analysis of the source code on the takedown notice. The servers of ALPHV/BlackCat Ransomware have also gone down, adding to the confusion. While there are claims of the site being seized by the FBI, UK agencies have denied responsibility, and researchers are speculating about a $22 million scam.
No honour among thieves. $22M ransomware payment gone wrong and the rug pull. https://t.co/nofuSF5ZOC https://t.co/MCDwZ9Kpzm
AlphV ransomware site claims it was seized by FBI; researchers suspect $22M scam https://t.co/1zxVMccP8H
Blackcat ransomware site reportedly seized but UK agency denies responsibility https://t.co/1QsxD9b2f9 https://t.co/o5VTm7n3Bt
ALPHV/BlackCat Ransomware Servers Go Down https://t.co/Y5qfi3LSlW
Since people continue to fall for the ALPHV/BlackCat cover up: ALPHV/BlackCat did not get seized. They are exit scamming their affiliates. It is blatantly obvious when you check the source code of the new takedown notice. You will see code like this. https://t.co/aLivk3gnMS
The new ALPHV BlackCat leak site has just been seized by law enforcement. https://t.co/ZRTYuoi6Cm
the current status of the ALPHV/Blackcat Ransomware admin /support on their tox is "selling source code for $5,000,000" cc: @intel_anastasia @ddd1ms @uuallan @BleepinComputer @BushidoToken @vxunderground @pancak3lullz @BrettCallow https://t.co/er2IcbIKyX
ALPHV, a Russian-speaking ransomware gang, is thought to have disabled a network responsible for directing insurance claims to pharmacies. https://t.co/7xJUPjAPi1
Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama https://t.co/iRMjkNlIFF via @theregister