A significant ransomware attack by a group known as AlphV or BlackCat has severely disrupted pharmacies across the U.S., affecting the delivery of prescription medications for over ten days. This attack on Change Healthcare has resulted in considerable difficulties for hospital pharmacies and nationwide drug distribution.

Internal conflict within the criminal community has shed light on a possible $22 million ransom payment to AlphV, linked to the attack on Change Healthcare. An affiliate of AlphV accused the group of withholding their share of the ransom, citing a substantial Bitcoin transaction as evidence of the payment.

Payment speculation: Evidence suggests Change Healthcare may have paid the ransom to AlphV, as indicated by the large Bitcoin transaction to an address associated with the hackers. This has led to speculation among cybersecurity researchers that the healthcare firm capitulated to the hackers’ demands.

Paying the ransom could set a troubling precedent for the healthcare sector, encouraging further ransomware attacks by demonstrating their profitability. Experts warn that succumbing to such demands fuels future criminal activities and targets the health sector repeatedly.

Risks of negotiating with cybercriminals: An AlphV affiliate, feeling cheated out of the ransom, warned against dealing with AlphV and revealed potential access to sensitive data from numerous healthcare firms. This situation underscores the risks of negotiating with cybercriminals, as betrayed affiliates may independently leverage or leak sensitive information.

The $22 million ransom, if confirmed, would be among the highest in ransomware history, highlighting the significant threat posed by groups like AlphV to critical sectors, including healthcare.

Uncertain future: Despite a recent crackdown by the FBI, AlphV successfully executed a major attack on Change Healthcare. The group’s current status is uncertain, following the appearance of a law enforcement seizure notice on its site, which may be a response to internal conflicts or another takedown attempt. The historical pattern of rebranding suggests AlphV or its predecessors may resurface under a new guise.