Trust Me – I’m An Honest Criminal

Law Enforcement Seized Website Notice

After collecting a $22 million ransom, AlphV ransomware group stages FBI takedown.

The ransomware group responsible for hamstringing the prescription drug market for two weeks has suddenly gone dark, just days after receiving a $22 million payment and standing accused of scamming an affiliate out of its share of the loot.

The events involve AlphV, a ransomware group also known as BlackCat. Two weeks ago, it took down Change Healthcare, the biggest US health care payment processor, leaving pharmacies, health care providers, and patients scrambling to fill prescriptions for medicines. On Friday, the bitcoin ledger shows, the group received nearly $22 million in cryptocurrency, stoking suspicions the deposit was payment by Change Healthcare in exchange for AlphV decrypting its data and promising to delete it.

On Sunday, two days following the payment, a party claiming to be an AlphV affiliate said in an online crime forum that the nearly $22 million payment was tied to the Change Healthcare breach. The party went on to say that AlphV members had cheated the affiliate out of the agreed-upon cut of the payment. In response, the affiliate said it did not delete the Change Healthcare data it had obtained.

AlphV/Blackcat Scam Screenshot

On Tuesday, four days after the bitcoin payment was made and two days after the affiliate claimed to have been cheated out of its cut, AlphV’s public dark web site started displaying a message saying it had been seized by the FBI as part of an international law enforcement action.

The UK’s National Crime Agency and the FBI have denied any involvement in the take-down.

They are exit scamming their affiliates, and once again this group has decided to go dormant, but then I guess with $22 million in the bank, you can afford to lie low for a year without thinking about it.

The group previously operated as DarkSide, a ransomware group that suddenly went dark after breaching Colonial Pipeline, one of the biggest US suppliers of gasoline. Many researchers believe DarkSide suspended operations after the attack on Colonial Pipeline attracted too much attention from law enforcement. Then, after remaining dormant for a time, the group rebranded itself as AlphV/BlackCat.