BlackCat, also known as ALPHV and Noberus, reportedly scammed its own affiliates after disrupting the U.S. healthcare system. The ransomware gang received around $22 million worth of Bitcoin on Mar. 1 following an attack on United Healthcare’s Change Healthcare in late February.
#ALPHV scamming affiliates? $22M paid and withdrawn
A surprising turn of events occurred when the address received over 1,000 BTC two days later and then promptly emptied the wallet. An affiliate named “notchy” claimed on a cybercriminal forum that BlackCat deceived its affiliates by not sharing the attack proceeds. This information was shared by Dmitry Smilyanets, Recorded Future’s product management director.
The attack on Change Healthcare’s network exposed data from other healthcare firms partnered with the IT provider. Affiliates were left frustrated as they did not receive their share of the profits, according to Wired.
Recorded Future and TRM Labs identified the Bitcoin address linked to BlackCat hackers, connected to nearly $100 million in Bitcoin. The BTC has been transferred to eight different addresses and remains unspent.
The address 14Q5xgBHAkWxDVrnHautcm4PPGmy5cfw6b received 1,401.6953 BTC on March 1.
BlackCat, operating on a ransomware-as-a-service model, targeted companies globally, including Reddit in 2023. The FBI shut down the gang’s website in December 2023, seizing multiple websites and releasing a decryption tool.
In February 2024, the U.S. Department of State announced a reward of up to $10 million for information on key BlackCat leaders and up to $5 million for anyone involved in the group.
Read more news on Global Crypto News for the latest updates on cryptocurrency and cybersecurity.